In this digitally connected world, cybercrime has risen significantly. However, there are ways to prevent cyber intrusions and online crimes from happening in your business.
Cyber-attacks in South Africa have increased by more than 200 percent since 2019. This spike in cyber related crime and cyber security breaches occurred, even though many sections of the Cybercrime Act commenced on 1 December 2021.
The Act places various requirements on financial institutions. As an FSP, you need to assist law enforcement, such as the police service, with the necessary technical or other assistance to search for, access or seize any data or computer that may be linked to a cybercrime. You are also required to report offences to the police within 72 hours. Further, you need to preserve any information that relates to the commission of a cybercrime.
Failure to meet these requirements may result in steep penalties. For instance, you could be liable for a fine of up to R50 000 if convicted.
According to Interpol, South Africa has the third highest number of cybercrime victims worldwide, costing victims R2.2 billion a year. Cyber security threats and cybercrime should therefore rank among the top five risks in your FAIS Risk Management Plan.
First step towards protection
The first step to protect yourself and your business is to consider how susceptible your business is for cybercriminals to facilitate the commission of cybercrimes. Cybercrimes include hacking, unlawful interception of data, ransomware, cyber forgery and uttering, cyber extortion and malicious communications.
Irrespective of the size and complexity of your FSP, having adequate cyber risk protection in addition to Personal Indemnity (PI) cover for cyber risk is recommended.
Best industry practice to prevent the commission of cybercrime in your FSP entails using strong passwords and activating a firewall to secure your computers. It includes regularly updating your technological hardware and system’s security networks. Ensure there is software in place to block spyware attacks, be social media savvy and check your security settings regularly. Also, choose to download applications from trusted sources only, as mobile devices are vulnerable to viruses and hackers.
Further, be sure to secure your wireless (Wi-Fi) network, as these are vulnerable to intrusion if not properly secured. Encrypting sensitive files will protect your data, such as financial records and client records. Also, be cautious when giving out personal information such as names, addresses, phone numbers or financial information on the internet.
Recent cyber attacks
Several companies were recently exposed to cyber-attacks, with dire consequences. Transunion was the target of a ransomware breach in March 2022. The personal and business data of more than 10 million individuals and organisations across South Africa was compromised.
Health insurer MediBank revealed that almost 4-million of its customers’ data had been exposed to a hacker in October 2022. More recently, a leading local law firm, ENS, was held liable in a judgment handed down in January 2023 for R5.5 million, which a property buyer intended to deposit in the firm’s trust account. The money was stolen, as fraudsters manipulated the emails that were received from an employee of the firm. Click here to read more.
Cybercrime can result in primarily financial damage, but also in loss of trust and reputational damage. It is therefore in your and clients’ interests to educate and equip your FSP to resist cyber-attacks and cyber security threats.
Masthead offers two CPD-accredited Cybersecurity courses that empower FSPs to avoid becoming victims of cybercrime. Read more about the ‘Understanding Cybersecurity Risks Course’ and ‘Cybersecurity Online Course’ on the Masthead Learning Centre.