It’s not a matter of if, it’s a matter of when – cybercrime is on the rise

Cybercrime Risk management 3 min read 19 May 2021

The outbreak of COVID-19 has posed additional challenges to businesses as more and more employees are forced to work from home making cybersecurity a major concern.

 

Cyber criminals no longer only target large corporates. Big or small business, city or small town – no one is exempt from criminals trying to gain access to your money or personal information.  However, smaller businesses are arguably more vulnerable to cybercrimes than big businesses as they often lack the resources to mitigate these threats.  According to S&P Global Market Intelligence, cybercriminals are now pocketing an estimated $1.5 trillion annually — five times the approximate cost of natural disasters in 2017 and $500 billion more than U.S. insurance industry net premiums written in the same year.

 

According to Accenture, a leading global professional services company, South Africa might be a testing ground for malware due to less robust cybersecurity systems in place. They go on to say that, in 2020, South Africa had the third highest number of cybercrime victims globally with cyberattack losses totaling R2,2 billion. The country suffered 577 malware attacks every hour, with fraud via mobile banking apps doubling within a year.

 

With these statistics in mind and people adjusting to the new normal of remote working, we’ve put together information on the types of things cyber criminals are looking for, what a breach can mean for your business and ways to up your cyber security.

 

What cyber criminals are looking for

 

Top data targets include intellectual property and databases of personal information about employees, partners, suppliers and clients that can be used for identity theft and fraud. Credential theft is a very common and potentially devastating tactic used by cyber criminals. Other types of threats include:

 

  • Attempting to ‘rent out’ computer resources
  • Extortion, where data is held ransom
  • Blackmailing businesses with DDoS attacks or threats of DDoS attacks. A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
  • Wi-Fi vulnerabilities: As an intermediary, you are probably often out and about, working from your laptop, tablet or mobile phone. As you look for free Wi-Fi networks, you may unknowingly connect to a shadow network – a system that is intended to look like any other public network except that it’s monitored by a cyber predator. Tip: set your device to not automatically connect to available networks.   

 

The threats an intermediary should watch out for

 

As an intermediary, you will face the same risks as many of your clients who are small business owners. Criminals particularly look for this type of data to steal:

 

  • Sensitive personal client information: Policy information typically includes ID numbers, addresses, car registration numbers – the list goes on. This is incredibly valuable information for criminals interested in identity fraud so you must ensure that access to this data is restricted and encrypted.
  • Client bank details: Since this is an integral part of policy information, make sure you store your clients’ bank details in a safe location.
  • Business data: When dealing with business clients, you probably also store proprietary information that cyber criminals could sell to competitors. Again, be careful how you store these. 

 

What a cybercrime incident could mean for your business

 

The immediate effect of a cyberattack is of course business interruption. You can’t run a business if you can’t use your computers or access important data, so you could lose valuable company time. Secondly, the reputational damage could be immense. Personal and business clients provide you with important personal information that could cause great financial damage if it fell into the wrong hands.

 

What’s more, depending on the damage that is done, you could be held liable and even face litigation. Therefore it’s imperative to have security measures in place to safeguard this information. It’s a good idea to back up your files daily and to store the data offsite or in the cloud. If you fall victim to cybercrime, you will have the most current records of the system, which should shorten any downtime considerably. 

 

How to keep your business safe from cyberattacks

 

  1. Create your own security policy: Keep an eye out for news reports on the most common cyber threats. Be sure to stress the dangers of cybercrime to your employees and to constantly refresh their memories about the most important things they can do to protect your business. Warn them about common tricks, urge them to create strong passwords and remind them to regularly change passwords. Encourage them to ask if something feels a bit off.
  2. Passwords: We’re all human and it can be difficult to remember countless passwords. But you must encourage your staff to choose strong passwords and to change them regularly. A strong password is at least 10 characters long and includes symbols (%,@,*) and numbers. You can use Lastpass - a password manager that acts like a vault for all your account and password information – or use a password generator.
  3. Be careful with software installations: Be strict about what can be installed on company computers without authorisation to increase your computer security.
  4. Install a firewall and anti-virus software: These barriers have been designed to oppose spyware and virus and phishing attacks.
  5. Block access to restricted sites with internet filters: This will prevent employees and hackers from uploading data to storage clouds.
  6. Keep operating systems, software and browsers updated: Those pesky updates can be annoying but they exist for a reason so always perform them. Called ‘patches’, they exist to fix vulnerabilities in the software you use that can be exploited by hackers or malware.

 

How to respond to a cyber incident

 

Just like a fire drill, having a plan of action for responding to a cyber incident is crucial. Even more important, it should be practiced so that all your employees know exactly what to do in the event of a breach. Say your main database suffers a ransomware attack, how will you keep your business running? How will you reassure clients? You should also consider getting your own insuranceProtect yourself from a loss of income and help yourself recover from any cyber breaches by taking out relevant insurance.

 

If you want to find out more about the cybercrime threats your clients may be exposed to, watch this video of SHA’s Simon Colman on cyber liability and cyber security.