This past week, cybercriminals demanded payment from Liberty after notifying them that they had seized data from their insurance business. Liberty immediately deployed a large team of IT specialists to investigate and secure their systems and fortunately were able to avert irreparable damage to the company. Read more here.
Cyberattacks are becoming more frequent in South Africa, not only for large organisations like Liberty but for smaller businesses too. It’s a great cause for concern as small businesses are likely to be crippled if hit by cyberattacks.
A few weeks ago, South African small business, Goliath and Goliath, became a victim of cybercrime through email hacking and lost more than R300 000. According to an article published on Fin24, hackers had intercepted Goliath and Goliath’s emails and managed to get their clients to make payments into a different bank account.
CEO of Goliath and Goliath urged small businesses to stay vigilant and informed on how hackers operate.
Cyberattacks are a risk for Financial Services companies
According to the Allianz Risk Barometer 2018 report, cyber incidents rank top in the entertainment and media, financial services, technology and telecommunications industries.
These incidents are serious, and the threats are real. Financial Services Providers are particularly attractive targets for cybercriminals because of the wealth of client data stored by these businesses. In the article, SA a testing ground for attacks on banking sector, the reality of cybercrime in South Africa is outlined and the implications thereof on financial services businesses are explained. Over and above the obvious financial losses that your company can suffer, cyberattacks hold a risk of reputational damage for your company, your staff and a loss of client confidence.
Board Notice 194 of 2017 prescribes that FSPs must have risk management policies, procedures and systems which must include, “systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information…”. These security policies must show how the FSP will safeguard the security, integrity and confidentiality of information, which includes physical security of assets and records, back-ups of data and disaster recovery plans. It further requires FSPs to consider appropriate measures to deal with cybersecurity threats.
4 ways to protect your business against cybercrime
1. Educate yourself and your staff about cybersecurity and different types of cybercrime
You need to stay one step ahead of cybercriminals. Take the time to learn the different types of cybercrime, the most common being Account hacking, Phishing and Malware.
2. Click with caution
If it sounds too good to be true, it probably is. Do not be tempted to click on links in email messages from people you do not know. These links could be a phishing scam or it could download malware onto your computer.
3. Always double check information and instructions from clients
Do not accept that emailed instructions from clients are valid. You may want to add a validity check to confirm a client request. For example, upon receiving an email from a client, follow up via a phone call to the client confirming their emailed instructions are authentic.
Note: FSPs should review their PI Cover to establish if there are additional requirements around verifying instructions from their clients.
4. Install Antivirus software on your electronic devices
Electronic devices such as computers, cell phones and tablets are the gateway for cybercriminals. Installing an antivirus and keeping your security software up-to-date can help you protect your online business activities and keep them secure.
Cybercrime is often the result of individuals not being aware of cybercrime and being unable to spot the tell-tale signs.
Masthead’s Cybersecurity Online Course has been designed to equip all individuals with the know-how to identify and avoid cyberattacks. Decrease your business’ risk of becoming a victim of cybercrime by making sure every employee is aware and able to spot an attack. For more about our Cybersecurity course and to register click here.
FSPs, Key Individuals and Representatives who complete the Cybersecurity Online Course will earn 1 CPD hour towards their FSCA CPD requirements.
FPI members will be able to earn 1 CPD hour in the Ethics and Practice Standards category.