Cybercrime has become very prevalent in South Africa, particularly during the COVID-19 pandemic. Cybercriminals have capitalised on the pandemic and are using this time to prey on consumers, as well as businesses and their employees who rely on internet services to operate remotely. Businesses without measures in place to combat cybercrime are exposed to the various risks that result from it. You can protect yourself, your employees, business and clients from falling victim to cybercriminals by acting with due skill, care and diligence.
Board Notice 194 of 2017 prescribes that FSPs must have risk management policies, procedures and systems which must include, “systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information…”. These security policies must show how the FSP will safeguard the security, integrity and confidentiality of information, which includes physical security of assets and records, back-ups of data and disaster recovery plans. It further requires FSPs to consider appropriate measures to deal with cybersecurity threats.
The impact of cybercrime
Cybercrime presents many risks and negative consequences for you and your business. These include the risk of sensitive and confidential client information being leaked, and the risk of unauthorised, external access to the personal and financial data of employees, clients and third parties. Other risks of cybercrime include system unavailability and downtime, your business being held to ransom, loss of revenue and/or data, costs associated with reducing the impact of a breach, loss of competitive advantage, industry and regulatory fines and penalties, and litigation arising from compromised data.
Cybercrime that impacts clients financially or relates to use of their personal information could also impact your business reputation. Clients trust that you are dealing with their financial matters using due skill, care and diligence. A lack of trust negatively impacts client retention and growth. In turn, this affects your financial goals, as well as business profitability and sustainability.
Measures you can take to avoid becoming a victim of cybercrime
1. Educate yourself, your staff and clients about cybersecurity and different types of cybercrime
You need to stay one step ahead of cybercriminals. Take the time to learn the different types of cybercrime, and ensure that all your employees have the business applications, tools and security precautions they need to do their job and to protect business information. Alternatively, give them clear instructions on what they should use and where they can find it. Doing this may prevent employees from downloading malicious programmes that appear to be legitimate tools.
Also encourage employees to take cybersecurity courses and make these courses available to them. Masthead offers a Cybersecurity Online Course, which is designed to equip you with the know-how to protect yourself and your FSP from cybercrime on a day-to-day basis.
2. Click with caution
If it sounds too good to be true, it probably is. Do not be tempted to click on links in email messages from people you do not know. These links could be part of a phishing scam or could download malware onto your computer. When you visit a website, there should be a lock symbol in your browser’s URL bar, or the website URL should begin with ‘https’. This shows only that the connection is encrypted, not that the site is legitimate, so still check the address carefully. If in doubt, stay away.
3. Always double check information and instructions from clients
Do not assume that emailed instructions from clients are valid. You may want to add a validity check to confirm a client request. For example, upon receiving an email from a client, follow up with a phone call to the client to confirm that their emailed instructions are authentic. Your PI insurer may refuse to pay your claims if you do not have some of these checks in place.
You can also apply two-factor authentication when allowing clients or staff access to confidential information or secure environments. For example, you can send a one-time password (OTP) when registered users enter their username and password. Alternatively, registered users could use an app on their phone for verification purposes.
Note: FSPs should review their PI Cover to establish if there are additional requirements around verifying instructions from their clients.
4. Install antivirus software on your electronic devices
Electronic devices such as computers, cell phones and tablets are the gateway for cybercriminals. Installing an antivirus and keeping your security software up to date can help you protect your online business activities and keep them secure.
5. Only use trusted Wi-Fi networks
Hackers can access data while it is in transit on an unsecured wireless network. You can keep hackers out by enabling the firewall on your router and changing the router’s administrator password from its default password.
6. Use strong passwords
Short passwords that reference your birthday, middle name or pet’s name make it easy for hackers to access your data, so choose a password that is at least 10 characters long and combines letters, numbers and special characters. Changing your password periodically reduces the likelihood of it being compromised.
Take care with your passwords. Many people use the same password for many different websites and applications. They also use passwords that are easy to remember. Consider using a password manager – many are available as free applications – to avoid using the same password on numerous websites.
7. Back up your data regularly
This ensures you still have your data if anything goes wrong. Monitor your accounts and credit reports to make sure a hacker has not stolen your information or identity.
By acting with due skill, care and diligence, your business can protect clients against unfair outcomes, such as becoming a victim of cybercrime. It also protects your business against reputational and financial damage. Be sure to review your business processes and retrain employees to mitigate the risk of cybercrime. Information should also be communicated to clients to minimise their risk of suffering financially and their data being breached. Cybercrime is often the result of individuals not being aware of cybercrime and being unable to spot the tell-tale signs.
Sign up for Masthead’s Cybersecurity Online Course
To understand the responsibilities and impact that cybercrime has on a business and its clients and to be more equipped to identify and avoid cyberattacks, register for Masthead’s Cybersecurity Online Course. This course is designed to equip you with the know-how to protect yourself and your FSP from cybercrime on a day-to-day basis.