In 2023, South Africa saw a 22% increase in cyberattacks, with small to medium enterprises (SMEs) bearing the brunt of the damage. As cyber threats continue to evolve, organisations and consumers must remain vigilant. Even small oversights in cybersecurity best practices can leave us all dangerously exposed.
According to Steven Maier, chief brand officer at Amplifin: “The rise in cyberattacks has made it clear that no organisation is too small to be targeted. SMEs are especially vulnerable because they often don’t have the same resources for cybersecurity as larger companies or are slower to adopt the available security measures. But simple steps can make a big difference.”
Phishing, SIM-swap fraud, and payment fraud are now prevalent in South Africa, while spear-phishing – where attackers target specific individuals with highly personalised emails – is also growing in momentum. There are several common mistakes many organisations make when it comes to securing their data and systems.
Rijan Venter, network security engineer at Amplifin, adds: “Cybercriminals are constantly adapting their methods. Businesses, and especially those with access to personal information and financial systems, must remain proactive in their security measures to stay ahead of the game.”
Common Cybersecurity Mistakes and How to Avoid Them
Falling for Phishing Scams
Phishing remains one of the most prevalent and damaging forms of cyberattacks, where cybercriminals trick users into clicking on fraudulent links that mimic real businesses or services. This can lead to compromised accounts, stolen data and ransomware.
Maier explains: “Phishing scams have become so sophisticated that they can be hard to spot, even for trained professionals. It is crucial for businesses and individuals to stay cautious when dealing with unexpected emails or links.”
How to avoid it:
- Always verify the sender’s email address before clicking on any links. Often, email addresses may appear legitimate but contain subtle spelling differences or extra characters that can easily go unnoticed. For example, an email might use “support@amplfin.co.za” instead of “support@amplifin.co.za“
- Watch out for unfamiliar or suspicious email domains. Hover over hyperlinks to ensure that the link matches the legitimate domain of the company in question. For example, a legitimate link for Amplifin would be “amplifin.co.za,” not a suspicious variation like “amplfin-support.co.za.”
- Use spam filters and security tools to help detect phishing attempts, but do not rely solely on them.
- If something feels off, it probably is. Always double-check before you act.
Using Weak Passwords and Lacking Multi-Factor Authentication (MFA):
Even today, many businesses and consumers still rely on weak passwords, often using the same one across multiple accounts. This practice leaves them exposed to brute force attacks, data breaches, and password leaks.
Venter says: “A strong password combined with multi-factor authentication can provide a critical extra layer of security. In many cases, it’s the difference between a hacker breaking in or being stopped in their tracks.”
How to avoid it:
- Create strong, unique passwords for each account.
- Using a password manager can help store and generate strong passwords without the hassle of remembering them all.
- Always enable MFA where possible.
- Avoid saving passwords in your internet browser, as this can make all your passwords accessible to anyone with access to your browser, leaving your accounts vulnerable.
- Do not save passwords for product solutions, especially when sharing a device. This reduces the risk of unauthorised access if someone else gains control of your device.
- Change your passwords regularly to reduce the risk of exposure in the event of a data breach or leak.
- Despite it seeming obvious, we’ve still noticed people writing down all their passwords on sticky notes or keeping Word documents on their desktops labelled “Passwords.”
Maier continues: “At Amplifin, we have implemented enhanced MFA features for all our users to ensure that sensitive accounts are well-protected. All our employees, for example, are required to use MFA to minimise the risk of unauthorised access.”
Inadequate device protection:
Many businesses and individuals still fail to secure their devices with appropriate software, leaving them vulnerable to malware and other cyber threats. Without up-to-date antivirus software or firewalls, users are easy targets for attackers.
“Outdated operating system software and poor device security is like leaving your door unlocked for cybercriminals,” notes Venter.
How to avoid it:
- Ensure all personal or business-related devices are protected with up-to-date antivirus software.
- Firewalls should also be installed and properly configured to filter unwanted traffic.
- Security measures must be continuously updated as new vulnerabilities emerge.
- Ideally Windows or IOS settings should be set to automatically update the operating system to ensure the latest security enhancements are downloaded and installed.
Oversharing personal information on social media:
Cybercriminals often scour social platforms, gathering personal details to develop highly targeted phishing attacks that are difficult to spot.
Maier adds, “People don’t realise how much personal information they reveal on social media. Attackers can use seemingly harmless details like your pet’s name or location to guess passwords or answer security questions.”
How to avoid it:
- Be mindful of what you share online. Personal information such as your date of birth, location, or even your pet’s name could be used to guess passwords or security questions. This isn’t just part of cybersecurity but also personal security and safety, as criminals may notice your routines and potentially target you physically as well.
- Adjust your privacy settings and limit your audience for personal posts.
Building a Culture of Cybersecurity Awareness
Maier states that: “At Amplifin, we provide continuous training and regular reminders to our employees about the importance of privacy and secure practices in the workplace and at home.”
Businesses should also consider regular external security training to keep employees informed about the latest threats.
“Cybersecurity is not a one-time effort,” says Venter. “It requires continuous monitoring and updates. We encourage regular vulnerability checks and audits to stay ahead of potential threats.”
Incorporating advanced AI-driven tools to detect unusual behaviours in real-time can also help businesses catch threats before they escalate. “AI is becoming increasingly valuable in detecting potential threats early,” adds Venter
“Every individual and business must take cybersecurity seriously,” concludes Maier. “By understanding common threats and implementing strong security measures, you can significantly lower the risk of falling victim to cyberattack.”