As we get into the swing of lockdown, and some of us are relying more heavily on digital means to work and engage with our staff and clients, cybersecurity is as important as ever.
‘Massive data fraud and theft’ has been ranked by the World Economic Forum as the number four global risk over a 10-year horizon. Cyber-attacks take the fifth spot. The digital age has ushered forth a wave of malicious cybercrime attacks, which threaten all businesses, big and small.
For intermediaries, it’s imperative to adopt proactive risk mitigation measures to bolster their cybersecurity and ensure client data is safe. Staff training forms a big part of this. And just because we’re all practicing social distancing, it doesn’t mean we can’t share this knowledge in different ways.
Thomas Meisinger: head of business solutions at SPF Distribution, says: “It’s more common to hear about bigger businesses experiencing cybercrime, given the tremendous sums often at stake. There’s been a bit of a dearth of information on the attacks small businesses have fallen victim to, but this is now changing as smaller practices start to share their experiences and learnings. It’s important to share knowledge to help all players to up their cybersecurity.”
Meisinger further emphasises that training staff about their responsibilities regarding day-to-day IT is imperative – as something as easy as skipping regular antivirus and anti-malware updates can be detrimental to any business. “It’s also vital team members are kept in the know regarding the latest threats. Financial phishing – fraudulent emails from criminals posing as reputable companies or colleagues in order to entice the recipient to reveal passwords, credit card information, or to send money – is on the rise right now. It’s crucial people are aware of this. The emails can be very convincing, so you need to know how to spot the signs.”
What are the other options to protect themselves from potential attacks? Here, Meisinger shares seven measures to implement in order to avoid falling victim to cybercrime:
- Train staff on IT 101: What constitutes a strong password? What’s deemed appropriate Internet use? How frequently should antivirus software be updated? What penalties are in place for violating company cybersecurity policies? It’s vital all staff members know what constitutes acceptable practices on a work machine and are familiar with your cybersecurity protocols.
- Do regular workshops using Video Conferencing: keep your people in the know. Make sure everyone is well-versed in the latest cybercrime threats and conduct regular digital workshops around how to handle these. Criminals are getting increasingly cunning in their attacks. When you receive a WhatsApp message that looks and sounds like it’s from a friend, it’s hard to see the tiny signs that show it to be fake. That’s what training is all about.
- Keep machines clean: Don’t leave security updates unattended. Always ensure that every machine has the latest security software to beat viruses, malware and other online threats.
- Mobile devices can create significant challenges: Implement a system for staff to password-protect their devices, encrypt their data and install security apps to prevent criminals from stealing information while on a public network.
- Ensure machines are backed up: Losing important documents can be a big risk to any business.
- Only allow authorised individuals access to business machines: Administrative privileges should only be given to trusted IT staff and key personnel.
- Implement limits: Limit the number of external storage devices such as USB sticks and external hard drives. Only allow authorised staff to access data and information, especially when installing software.
There’s lots happening in the AI and machine learning space when it comes to improving automated blocking capabilities and using advanced technology like biometrics and facial recognition to strengthen passwords. So, while you implement some of the immediate measures, it’s also vital to keep abreast of the latest cybercrime trends, concludes Meisinger.