Simple strategies to protect your business from cyberattacks
Businesses can gift themselves a successful and trouble-free silly season, simply by being aware of how online fraudsters operate.
Cybercriminals actively target businesses and individuals during holiday periods when they know enterprises are busy, short-staffed or in a more relaxed and generous frame of mind.
Bad actors go to great lengths to invent scams. For example, after changing payment details, fraudsters will often continue sending businesses false statements showing how their debt is being paid down. It is only when the real supplier terminates services that clients realise they have been scammed.
While businesses can’t control who accesses their clients’ or suppliers’ systems, they can control their own payments. Businesses can easily call suppliers, verify amounts and payment details. They can also follow up with suppliers, confirming that they have indeed received the funds sent. Most banks can confirm payment of funds almost immediately, even if they’re not yet showing on the recipient’s statement. Often, a simple call is all that’s required.
To spot and avoid cybercrime over this festive season, Standard Bank suggests that every business adopt the following practices:
1. Phishing – don’t take the bait
Phishing involves scammers tricking you into giving up personal information by impersonating trusted sources.
Be alert for unexpected messages that ask for personal information, prompt you to click on a link or contain misspellings, unfamiliar email addresses or too-good-to-be-true offers. When in doubt, don’t click — and then quickly report the message.
2. Strengthen formal cybersecurity defences
Update defences
Make sure that all software, apps and especially antivirus and operating systems are up to date. Cyber attackers often exploit vulnerabilities in outdated software.
Strong passwords
Use complex and different passwords for different accounts. Always opt for a combination of letters, numbers, and symbols. Regularly update passwords and don’t use the same password across multiple platforms.
Secure files
Don’t leave sensitive files exposed. Instead, use folders with appropriate access permissions and store crucial documents in secured locations.
Encrypt devices
Add an extra layer of defence by making sure laptops, smartphones and tablets are encrypted.
Report loss
Report lost or stolen devices internally to prevent bad actors getting hold of data.
Businesses should also let their banks know of any loss, theft or data breach, if necessary suspending digital profiles and operations until passwords are changed and the system secured for use.
Affected customers or suppliers should also be alerted.
Use multi-factor authentication (MFA)
MFA creates a second line of defence if your first line of defence is compromised.
3. Safeguard personal information
Businesses have a legal duty to protect information, especially client or customer information. The Protection of Personal Information Act (POPIA) set standards for handling personal information. Applying POPIA prescriptions help businesses guard data and build customer and supplier trust.
4. Everyone can be a cybercrime fighter
Creating awareness and sharing basic behavioural practices across a business empowers every employee to spot and block cyberattacks.
While the client or supplier environment is completely external to businesses, businesses can still manage risk from external exposures. Simple know-your-client strategies, regular personal contact and communication with clients and beneficiaries supported by a business practice environment that educates staff on threats while empowering them to call and check present a formidable defence against scammers.
Especially for smaller businesses that can’t afford elaborate data solutions, adopting good habits that frustrate cybercriminals can be more effective than the most expensive digital security system.
Bilal Kajee is Head of Risk Management, Business and Commercial Banking at Standard Bank Group