CYBER SECURITY TIPS
Article by: Fourways Accountant: Annja Louca
In February 2021, Annja was lucky enough to attend the ICAEW Scotland Cyber event and it was very illuminating when it comes to how we think about and approach cybersecurity
The biggest takeaway from the event was that Cybersecurity shouldn’t be frightening or intimidating.
One really helpful way of looking at things that were discussed was thinking of your online activities in terms of cyber ‘hygiene’ as brought forward by Jude and Declan of the Scottish Business Resilience Centre (SBRC) in their presentation. As they suggested, it’s not about panic and fear, but a nice and healthy paranoia.
What does that mean exactly? Well, it means that you shouldn’t be ignoring the cybersecurity risks that are out there, and that you’re well-informed when it comes to the cybersecurity issues facing your business.
Internally, your company’s cyber health should be a frequent topic of discussion that is regularly evaluated within your various teams, as well as making sure you have a robust policy in place for what to do in the event of an attack. As scary as this may sound, the truth is that most cybersecurity attacks are only made possible by a lack of oversight, you worry about it like this, so that you have nothing to fear!
We live in a world where we are increasingly dependent on technology—and as the Covid-19 crisis has shifted us all to remote working, this has only become even more true. This isn’t a bad thing, actually, it’s truly amazing to see what digital technology can achieve in bringing people together and moving how we work forward into the future, but there are vulnerabilities. That’s what cybersecurity protects us from.
The Covid-19 crisis has also created the kind of chaos and uncertainty that hackers look for! And there are a number of popular scams you should be on the lookout for.
COVID-19 SCAMS:
- Phishing emails. This is one of the most common scams out there, and I’m sure we’re all familiar with the emails that are designed to look like they’re from real organisations, such as tax authorities. However, because there was such an avalanche of information during 2020 regarding grants and aid, these scams became even harder to spot! Always be careful to avoid clicking on links received in an email and entering any private information afterwards. Also, make sure to check the email header to verify the source of the email.
- Fake companies. In the wake of Covid-19, there has been a wave of fake companies looking to exploit related areas, such as PPE equipment suppliers and fake charities asking for donations to help people in need.
- Fake vaccine texts. Exploiting the knowledge that health authorities are communicating via text, scammers have also been sending out texts targeting elderly people under the guise of being from vaccination centres, these texts will aim to extract personal information.
As you can see, online criminals adapt quickly to any potential new exploits, and they will always try and target the vulnerable, especially if they aren’t as technologically literate. That’s why it’s important to be vigilant and diligent!
The 3 types of cybercriminals
- State-sponsored - These hackers will rarely target small businesses or individuals, but their attacks can often lead to the leaking of private citizens personal data.
- Organized Crime – One of the most common organized crime cyberattacks involves Ransomware. This has become increasingly prevalent and involves the use of deception and coercion through ransom threats that will aim to take money directly from individuals.
- An example of how they target people is through Ransomware – becoming more and more prevalent in the news. They use ransom threats to fund their other illegal affairs. They need cash to fund their other affairs. It isn’t personal.
- Individual Hacker – Some hackers are motivated by personal reasons, and others are simply using their tactics for monetary gain, but either way, they are most likely to target vulnerable individuals and small organisations who may lack the knowledge or resources to protect themselves.
This is a problem that’s not going to go away, and we can’t exactly stay off the internet! But we can protect ourselves. Recent figures suggest that
46% of businesses in Scotland have reported a cybersecurity breach of some form within the last year. A high number, we know! But there are organisations like the SPRC working to help individuals and businesses and people protect themselves.
How To Protect Yourself
- Password Security – We shouldn’t think of passwords as fixed things, but like constantly changing passphrases, albeit not as cool as the ones at a fashionable speakeasy! That way, if you have been breached, you’re protecting yourself against future breaches.
There are also websites that can help you check if your email has been the subject of a breach, such as Have I been Pwned?
Of course, if you’re being properly vigilant, then you should also be careful to make sure that any site like this isn’t a front for a phishing scam!
- Password Management – There a number of programs— LastPass, Keeper, Dashlane, Bitwarden Keychain or 1Password—that will help you manage your passwords. The benefit of these programs isn’t just that it’s easier to store and remember all your passwords securely, but they also help you use a variety of complex passwords that will add an extra layer of security to all of your accounts.
- Regular Updates - I’m sure we’ve all clicked ‘ignore’ a few times when our laptop or mobile device prompts us to update, but we probably shouldn’t! Regular updates will ensure your device is using the latest protocols, which are often created as a response to developments in cybersecurity
- Make regular back-ups - Keeping regular backups means that if the worst does happen, you still have access to your data, as well as a record of everything that you can use to restore the data. This is even easier to do now with the advent of affordable cloud storage options, just make sure to test things regularly!
- Stay prepared. Stay vigilant – It’s important to not only trust your instincts but to also always err on the side of caution if necessary. If something seems odd or suspicious, don’t open it. And never supply personal details unless you’re 100% sure you can trust the recipient.
In South Africa, the governing body responsible for cybersecurity is the Information Regulator. So if you have any questions. that’s a good place to begin!
And remember to stay safe online and out there IRL as they say, it’s important in so many ways these days!
For more information, please visit our website anlo.co.za or give us a call on 011 658-1324