Awareness of your business’ vulnerability to the various types of scams is key so
that you can take action to prevent them. (Photo: Getty Images)
Effective data security includes implementing robust data encryption measures, stringent access controls and regular staff training programmes
In an increasingly digital world, data privacy is more important than ever before. Cyber criminals are becoming more sophisticated in their methods, so it is vital that businesses follow data privacy best practices to maintain the trust of their clients, reduce risk and maintain a good reputation.
Bilal Kajee, Head of Risk Management, Business and Commercial Banking at Standard Bank Group, says that businesses need to be proactive when it comes to protecting their data, and that of their clients. “The key to effective data security includes implementing robust data encryption measures, stringent access controls and regular staff training programmes,” he says.
Be aware of the risks
Cyber-attacks, such as phishing (emails purporting to be from reputable companies) and vishing scams (phone calls or messages purporting to be from reputable companies; both phishing and vishing attempt to secure information such as bank details), malware or remote access, account for most security breaches. Awareness of your business’ vulnerability to the various types of scams is key so that you can take action to prevent them.
“The ‘change of banking details’ scam is one that we have seen gain prominence recently,” says Kajee. “It involves fraudsters posing as a company or supplier to whom you make regular payments. They tell you that their banking details have changed and ask you to update your records. Then, when you next make a payment, the money is directed to the fraudster’s account.”
“Criminals will go to great lengths to prolong these scams,” Kajee continues. “For example, after changing payment details, they will often continue sending businesses false statements showing how their debt is being paid down. It is only when the real supplier terminates services that clients realise they have been scammed.”
Prevention is better than cure
One of the simplest ways to prevent this type of scam is to make a phone call to the beneficiary to check whether their banking details have indeed changed. Kajee advises looking up the company’s phone number yourself rather than calling the number that appears on an email or on your phone.
“If businesses are unable to call the supplier directly to validate payment details, they can call their own bank. All banks provide account validation letters,” says Kajee. “Standard Bank clients can also validate accounts and account details themselves by using the Account Verification Service (AVS) on Standard Bank’s payment platforms,” he adds.
What else can be done to mitigate risk?
“While the client or supplier environment is completely external to businesses and their banks, this does not mean that businesses cannot to some extent also manage these external exposures,” says Kajee. “Simple know-your-client strategies, regular personal contact and communication with clients and beneficiaries, supported by a business practice environment that educates staff on threats, present a formidable defence against scams.”
Some additional steps Kajee advises businesses to take include:
- Implement strong access control measures. Make it mandatory for your employees to use strong passwords, 2-factor authentication and password managers.
- Limit data access to authorised personnel only and review access permissions regularly.
- Keep your software up to date. Install reliable antivirus and malware-scanning software and test your systems regularly.
- Back up your data and ensure that it is stored securely. Data backup solutions and tools include hardware appliances, software solutions and cloud-based data backup options.
- Review your consent management strategy to ensure compliance. Be transparent and keep your clients informed about any changes to your company’s data collection and processing policies.
- Provide employee training. Ensure that your team is aware of your business’ data privacy policies and train them on how to identify potential scams and cyber security risks.
Kajee adds that businesses can also scan websites for vulnerabilities relating to scams on Yima, the Southern African Fraud Prevention Service’s (SAFPS) website, available at yima.org.za. Yima allows you to report a scam incident or suspicious activity to the SAFPS, and the reports are then shared with law enforcement for investigation.
Being proactive is key
“Data is one of a business’s most valuable commodities, so protecting it effectively is critical,” says Kajee. “Being vigilant and proactive when it comes to data privacy results in fewer security breaches, curtails financial losses and increases clients’ confidence in your business.”
For more information on different types of scams and how to avoid them, visit the Security Centre on the Standard Bank website at www.standardbank.co.za.