The pandemic hasn’t just impacted how businesses operate, it has changed how businesses use technology. Adapting to this new normal has forced many companies to digitise faster than they had planned - exposing them to new and unfamiliar risks. As of November, last year, South Africa had the third highest number of cybercrime victims in the world. This costs us R2.2 billion per year. The threat of cybercrime means that, businesses need to be extra vigilant to avoid disastrous data breaches and other cyber security incidents. Mitigating cybercrime risks should be a top priority for businesses.
Cybercrime affects businesses of all sizes. Last year Transnet was severely affected by a cybercrime attack. Similarly, the average small business hack can cost your company anywhere between R50 000 to R250 000 to recover from. Stopping at just beefing up your organisation’s antivirus software is not enough. You’ll need to have the proper procedures in place to manage POPI regulations, keep employees updated on how to avoid phishing scams and constantly back up your data. Most importantly, you will need adequate cover.
Following these tips can help keep your business safe:
It’s not just a big business problem
While larger businesses may appear to be more appealing targets, smaller ones are often vulnerable to attack due to a lack of advanced security measures and formalised protocols. A hack can potentially bankrupt a small business, whereas the average monthly cybercrime instalment premium is generally less than R1000.
New security measures for a new normal
With more people working from home and connecting back to the office without using VPNs, it's crucial to maintain information security and privacy. This means that companies need to meet with their IT departments to adjust their cyber security strategies.
These security measures could include:
- Providing work-issued devices to all employees working from home that are equipped with the adequate security protocols.
- Installing comprehensive anti-malware protection to detect malicious threats.
- Regular updates to address previously recognised vulnerabilities.
In addition, devices should only be used for work-related tasks to control the nature of online interactions, while business insurance policies should be broadened to include working from multiple locations.
Cybercriminals are constantly inventing new and creative ways to bypass firewalls, anti-virus protections and outdated software in their attempts to outwit IT professionals. Businesses, irrespective of company size, should familiarise themselves with the most common techniques used. These include:
- Phishing – when a person is targeted via email, phone, or text by someone posing as a legitimate (and often known) institution or individual to obtain personal information like credit card details or passwords. These emails often look like they come from a trusted source but with subtle differences like small spelling errors or unusual email addresses.
- Ransomware - involves encrypting all the data on a company’s hard drives and servers and demanding a ransom in exchange for its return. Most recently, credit reporting agency TransUnion fell victim to a ransomware attack that cost the organisation roughly R225 million.
Safety checks for your business:
- Create your own security policy: Keep an eye out for news reports on the most common cyber threats. Be sure to stress the dangers of cybercrime to your employees and to constantly refresh their memories about the most important things they can do to protect your business. Warn them about common tricks, urge them to create strong passwords and remind them to regularly change passwords. Encourage them to ask if something feels a bit off.
- Passwords: Ensure staff choose strong passwords and to change them regularly. A strong password is at least 10 characters long and includes symbols and numbers. You can use password generators to instantly create secure and random passwords.
- Be careful with software installations: Have strict protocols about what can be installed on company computers without authorisation to increase your computer security.
- Install a firewall and anti-virus software: These barriers have been designed to oppose spyware and virus and phishing attacks.
- Block access to restricted sites with internet filters: This will prevent employees and hackers from uploading data to storage clouds.
- Keep operating systems, software and browsers updated: Updates can be annoying, but they exist for a reason so always perform them. Called ‘patches’, they exist to fix vulnerabilities in the software you use that can be exploited by hackers or malware.
Check your cover:
It’s crucial to have cover in place that combines risk management services and insurance to cover business interruption costs, ransomware, forensic costs and whatever else your business may need. Innovation in the insurance industry has more momentum than ever before, which is just as well because the rising complexity of the emerging risks we face require a commitment to innovation.
The proliferation of technology coupled with remote work have created the ideal environment for smart, opportunistic cybercriminals. While cybercrime insurance provides quick access to service providers that help alleviate the resultant fallout and clean up required after an attack, simple measures can go a long way to help prevent major cyberattacks.