Technology and cybercrime never stand still. The ultimate prize for sophisticated cybercriminals is data that could open doors to quick, illicit gains. For businesses, the challenge is to safeguard customers and personal data.
The key to keeping customers and data safe, writes Bilal Kajee, head of risk management, business and commercial banking at Standard Bank Group, is being proactive and ensuring that your business’s data protection systems follow best practices.
Maintaining the safety of customer data and their trust means:
* Stringent access controls
* Robust encryption measures
* Staff whose training keeps pace with data developments and reduces risks.
* Being aware of the most common risks. Keep track of ongoing scams that morph into more sophisticated attacks. Understanding the most common threats and be on the alert for phishing, vishing, malware and remote access intrusions.
Keeping pace with developing scams, being aware and putting measures in place to identify trends like the ‘change of banking details’ scam.
Build awareness about:
* Fraudsters posing as a company or supplier representing companies you support.
* Stop staff and customers from revealing banking details so the company can ‘update our records’ or insert new banking details.
* Create awareness that if people ask for your banking details, they are probably fraudsters.
* Identify false statements from suppliers- the usual giveaway is an unusual web address.
Simple precautions mean better data security. And prevention is better than cure, so:
* If in doubt about a call, phone the bank or company represented and ensure the call was genuine.
* Never use a phone number supplied by the caller; someone from the scamming team could answer it.
* Hang up on the caller and look up the number of the bank or beneficiary, then place your call.
* If you can’t call the beneficiary, speak to your bank; all banks provide account validation letters.
* In addition, Standard Bank offers an Account Verification Service (AVS) on its payment platforms.
What else can be done to mitigate risk?
Put simple know-your-customer strategies in place by communicating regularly with clients and beneficiaries. Make sure that attention is paid to:
* Implementing strong access control measures. Get employees to use strong passwords, two-factor authentication and password managers
* Limit data access to authorised personnel and review access permissions regularly.
* Keep software updated, install anti-virus and malware-scanning software and test systems regularly.
* Back up data and store it securely.
* Use data backup solutions, including hardware appliances, software solutions and cloud-based data backup.
* Review consent management strategies to ensure compliance and keep clients informed about changes to company data collection and processing policies, plus scan websites for vulnerabilities relating to scams on Yima, the Southern African Fraud Prevention Service’s (SAFPS) website at yima.org.za and report fraud through their structures.