Cybercriminals are no longer only targeting large corporates. Whether your business is big or small, in a city or small town – no one is exempt from criminals trying to gain access to your money or personal information.

This October marks International Cybersecurity Awareness Month and serves as a reminder for businesses that there are simple, effective ways to keep your company online safely and protect the personal data of staff and clients.

In line with this year’s theme – ‘Secure Our World’, the importance of cyber security risk management in securing your business in a digital world must be emphasised. This is according to Makolo Kalambaie, business head: financial lines and cyber at Santam at Santam, who says that cyber security risk management is a critical skill to acquire for both employees and business leaders.

“The digital age makes us more vulnerable to risks online despite the convenience it offers. Employees have a critical role to play in securing your business’s world.”

The Mimecast’s 2023 ‘State of Email Security’ report identifies data breaches as a bigger risk than climate change, with South Africa ranking sixth on the list of countries most affected by cybercrime. Interpol’s African Cyberthreat Assessment Report 2022, revealed a total of 230 million cyber threats were detected in South Africa, out of which 219 million, or 95.21%, were e-mail-based attacks. And businesses – regardless of size – are alive to the threat. The 2023 Santam Insurance Barometer Report showed a 12% increase in the number of commercial respondents who cited cybercrime within their top five risks.

With these statistics in mind, Kalambaie shares information on the types of things cybercriminals are looking for, what a breach can mean for your business and ways to improve your cyber security.

 

What cybercriminals are looking for

Top data targets often include intellectual property and databases of personal information about employees, partners, suppliers and clients that can be used for identity theft and fraud. Credential theft is a common and potentially devastating tactic used by cybercriminals. Other types of threats include:

  • Attempting to ‘rent out’ computer resources or extortion, where data is held ransom
  • Blackmailing businesses with Distributed Denial-of-Service (DDoS) attacks or threats of DDoS attacks. A DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
  • WiFi vulnerabilities: As you look for free WiFi networks, you may unknowingly connect to a shadow network – a system that is intended to look like any other public network except that it’s monitored by a cyber predator. Tip: set your device to not automatically connect to available networks.

 

What a cybercrime incident could mean for your business?

The immediate effect of a cyberattack causes business interruption. You can’t run a business if you can’t use your computers or access important data. In addition to this, the long-term reputational damage could be immense. One of the greatest advantages of having cyber insurance is the opportunity for businesses to bounce back from any interruptions and financial loss incurred as a result of cybercrime.

Cyber insurance also helps with the practical side of getting IT experts to restore systems, recreate data and pre-empt new threats. Depending on the damage that is done, businesses could be held liable and even face litigation. Therefore, it’s imperative to have security measures in place to safeguard this information, and ensuring that employees are aware of these and practicing them:

  • Create your security policy: Keep an eye out for news reports on the most common cyber threats. Educate employees on the dangers of cybercrime and constantly refresh their memories about the most important things they can do to protect your business – they are the first line of defence in a cyber-attack.
  • Passwords:  A strong password is at least 10 characters long and includes symbols (%,@,*) and numbers. You can use Lastpass – a password manager that acts like a vault for all your account and password information – or use a password generator.
  • Be careful with software installations: Be strict about what can be installed on company computers without authorisation to increase your computer security. Be sure to install a firewall and anti-virus software and block access to restricted sites with internet filters.
  • Keep operating systems, software and browsers updated: Called ‘patches’, they exist to fix vulnerabilities in the software you use that can be exploited by hackers or malware.