Cyber criminals no longer only target large corporates. Big or small business, city or small town – no one is exempt from criminals trying to gain access to your money or personal information. Yes, even your business. According to Santam’s specialist liability insurance underwriting manager SHA, around 974 million company records were lost or stolen in 2014 – that’s around 31 records every second. What’s more, cyber crime cost South African businesses an estimated R5.8bn. Breaches continue at an alarming rate: South Africa has the third highest number of cyber crime victims worldwide, while cyber crime is now the fourth most reported economic crime in South Africa, according to the findings of PwC's 2016 Global Economic Crime Survey. Almost a third (32%) of the organisations that took part in the survey reported cyber crimes in the last 24 months.
With these shocking statistics in mind, we’ve put together information on the types of things cyber criminals are looking for, what a breach can mean for your business and ways to up your cyber security.
What cyber criminals are looking for
Top data targets include intellectual property and databases of personal information about employees, partners, suppliers and customers that can be used for identity theft and fraud. Credential theft is a very common and potentially devastating tactic use by cyber criminals. Other types of threats include:
- Attempting to ‘rent out’ computer resources
- Extortion, where data is held ransom
- Blackmailing businesses with DDoS attacks or threats of DDoS attacks. A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
- Wi-Fi vulnerabilities: As an intermediary, you are probably often out and about, working from your laptop, tablet or mobile phone. As you look for free Wi-Fi networks, you may unknowingly connect to a shadow network – a system that is intended to look like any other public network except that it’s monitored by a cyber predator. Tip: set your device to not automatically connect to available networks.
The threats an intermediary should watch out for
As an intermediary, you will face the same risks as many of your clients who are small business owners. Criminals particularly look for this type of data to steal:
- Sensitive personal client information: Policy information typically includes ID numbers, addresses, car registration numbers – the list goes on. This is incredibly valuable information for criminals interested in identity fraud so you must ensure that access to this data is restricted and encrypted.
- Client bank details: Also part of policy information, do you store the bank details of your customers in a safe location?
- Business data: When dealing with business clients, you probably also store proprietary information that cyber criminals could sell to competitors. Again, be careful how you store these.
What a cyber crime incident could mean for your business
The immediate effect of a cyber attack is of course business interruption. You can’t run a business if you can’t use your computers or access important data, so you could lose valuable company time. Secondly, the reputational damage could be immense. Personal and business clients provide you with important personal information that could cause great financial damage if it fell into the wrong hands.
What’s more, depending on the damage that is done, you could be held liable and even face litigation. Therefore it’s imperative to have security measures in place to safeguard this information. It’s a good idea to back up your files daily and to store the data offsite or in the cloud. If you fall victim to cyber crime, you will have the most current records of the system, which should shorten any downtime considerably.
How to keep your business safe from cyber attacks
- Create your own security policy: Keep an eye out for news reports on the most common cyber threats. Be sure to stress the dangers of cyber crime to your employees and to constantly refresh their memories about the most important things they can do to protect your business. Warn them about common tricks, urge them to create strong passwords and remind them to regularly change passwords. Encourage them to ask if something feels a bit off.
- Passwords: We’re all human and it can be difficult to remember countless passwords. But you must encourage your staff to choose strong passwords and to change them regularly. A strong password is at least 10 characters long and includes symbols (%,@,*) and numbers. You can use Lastpass - a password manager that acts like a vault for all your account and password information – or use a password generator.
- Be careful with software installations: Be strict about what can be installed on company computers without authorisation to increase your computer security.
- Install a firewall and anti-virus software: These barriers have been designed to oppose spyware and virus and phishing attacks.
- Block access to restricted sites with internet filters: This will prevent employees and hackers from uploading data to storage clouds.
- Keep operating systems, software and browsers updated: Those pesky updates can be annoying but they exist for a reason so always perform them. Called ‘patches’, they exist to fix vulnerabilities in the software you use that can be exploited by hackers or malware.
How to respond to a cyber incident
Just like a fire drill, having a plan of action for responding to a cyber incident is crucial. Even more important, it should be practiced so that all your employees know exactly what to do in the event of a breach. Say your main database suffers a ransomware attack, how will you keep your business running? How will you reassure clients? You should also consider getting your own insurance. Protect yourself from a loss of income and help yourself recover from any cyber breaches by taking out relevant insurance.
If you want to find out more about the cyber crime threats your customers may be exposed to, watch this video of SHA’s Simon Colman on cyber liability and cyber security. Get in touch with your relationship manager or contact us if you have any queries about Santam products.