Cybercrime, or computer-oriented crime, is a crime that involves a computer (or phone or tablet) and a network. And South Africa certainly isn’t immune – in fact, we’re the third-worst country in the world in terms of cybercrime attacks.
The scary thing is that it takes on average 150 days for a company to identify a breach and an average of 40 days to contain that breach. This means 40 days during which your business would essentially be down without access to your data (e.g. booking system, client list, etc.). For many companies, this would prove to be financially crippling.
Did you know?
- 84% of South African adults have been a victim of cybercrime
- 75 records stolen every second by hackers
- 24% of data breaches are as a result of human error (and therefore preventable), i.e. phishing or business process errors
- 30 000 websites are hacked daily
- R3 500 average cost of a stolen record on the black market
Here are 10 cybercrime must-knows for travel businesses
1. What are common cybercrimes?
Phishing is the use of fake email messages to get personal information from internet users. A common scam involves cybercriminals impersonating an individual or organisation who would gain your confidence—a company CEO, customer service agent, member of a government branch (e.g. SARS), NGO, etc.
An email originating from this ‘trusted source’ will prompt you to click on a link or complete a form in order to receive funds, change banking details, etc. This prompt will trigger malware to download onto your machine, either locking your hard drive, at which point you may be requested to pay a ransom to unlock it, or exploiting additional information from you (e.g. passwords, banking details, etc.). Vishing is a form of phishing that occurs over the phone or SMS.
If you receive any request for a change in banking details, it is very important that you do not accept the correspondence as valid. Contact your client, supplier, or contractor directly and confirm the change request. Also, contact your bank and request that they provide you with correct banking details.
Malicious software, or malware, is a general term for computer programmes that are specifically designed to infiltrate and harm computers without the user’s consent. It can include computer viruses, worms, Trojan horses, ransomware, spyware, adware, etc.
Ransomware is a type of malware that locks, encrypts, or threatens to publish the contents of a user’s hard drive (e.g. files or data), unless a ransom is paid. Generally, the ransom is requested in cryptocurrency because it is untraceable.
Cybercriminals are highly sophisticated individuals or teams who exploit technology to steal sensitive company or personal information for the purposes of profit. They build detailed profiles on users, know how you act online and who you contact and, for all intents and purposes, are extremely convincing (sometimes displaying legitimate email addresses, bank accounts, letterheads, etc.).
2. How do I know if my personal data has been breached?
The introduction of the POPI Act will make it law that a business must inform its stakeholders (i.e. shareholders, customers, suppliers, contractors, etc.) of any breach in personal information.
Previously this has not been the case, and company data breaches could result in not only personal information being sold, e.g. for marketing purposes, but also used to carry out identity theft and other cybercrimes—unbeknownst to the individuals whose data was hacked.
Furthermore, under POPI, if a company does not notify the regulator that they have been hacked, they can face a R10 million fine or 10 years in prison.
If you would like to check whether your email address has been compromised in a data breach, enter your email into the website https://haveibeenpwned.com/. It will come up with a record of if, where, when, and how your email address was compromised.
3. How and to whom do you report cybercrime?
You can report cybercrime to the South African Police Service (SAPS) or at http://cybercrime.org.za/reporting.
A specialist will need to take a forensic image of the contaminated hard drive or device, and the service provider will need to be subpoenaed to try to determine where the problem originated, which can prove difficult as cybercriminals often work from remote locations and know how to evade detection. SAPS can then complete an investigation.
4. What can I do to safeguard myself and my organisation (as best possible)?
Taking the necessary steps to mitigate cyber threats and prevent an attack is obviously the first priority before having to contain and recover from an incident once it unfolds.
- Ensure laptops have antivirus software and that USB ports are set to scan.
- Ensure that relevant virtual private network (VPN) software is installed and/or 2-factor authentication (2FA) is implemented.
- Ensure hard disk encryption is installed.
- Ensure you are able to log into the network with a password. If there is no password, something may be amiss.
- Ensure personal PCs and laptops have antivirus software and that you have a personal firewall.
- Report any strange emails or activities with your PC or laptop.
- Be very careful about clicking on unknown links and never engage with email from unknown or suspicious sources.
- Do not visit websites that are unsecured or suspicious, especially where you are transacting and/or providing PII.
- Do not transact with retail, banking or financial sites that do not use HTTPS (the S is for Secure).
- Do not provide financial or personal information to anyone requesting it over the telephone or internet unless you are expecting the request and can verify it. (A recent scam has involved malicious individuals purporting to be Covid-19 contact tracers requesting personal information.)
- Do not respond to any Covid-19 emails requesting information. (Google blocked 250 million scam emails related to Covid-19 between March and May.)
5. What should I look for in antivirus software?
Antivirus software has become much more sophisticated in the last few years. It is designed to prevent, search for, detect and remove software viruses and all forms of malware, including ransomware.
It is advisable to pay a bit extra to get a top of the range package, rather than rely on a free service. Look for a package that includes a firewall, VPN and can encrypt and protect your passwords (e.g. a password manager or vault). Your antivirus software should come with signature antivirus update files and automatically update (e.g. the software will write a signature update in response to exposure or the identification of a virus or malware).
In free antivirus software, these updates may not occur as frequently or automatically. However, a free service will give you some level of protection and is better than having nothing at all.
Don’t assume that, as an Apple user, you don’t need antivirus software or that it isn’t available. The way iOS is written does make it slightly more secure, but it can still be breached. There are several antivirus software options available for Apple, and any paid service will give you the necessary level of protection.
Securing your mobile phone (or tablet) is often overlooked but is also very important. Malware can be written into apps that you download. There are a number of antivirus software brands that now offer mobile services that block malware and monitor activity (alerting users if something looks malicious in a download). Securing your mobile phone 100% is more difficult than your computer, but a mobile antivirus service will give you a higher level of security.
6. What is a VPN, and why is it important?
A virtual private network (VPN) establishes a secure and encrypted connection by creating a private network from a public internet connection. A VPN encrypts all information transacted or sent over the internet and is highly recommended for all users, especially those working from home. A VPN is also an absolute requirement if you want to take out a cyber insurance policy.
7. Is it safer to work on the cloud?
Cloud environments have become far more sophisticated over the last few years. The two largest cloud services, Amazon Web Services (AWS) and Microsoft Azure, have invested heavily in security. Cloud environments have software monitoring tools and run sweeps every hour. These tools are backed by artificial intelligence that can analyse information flows and report anything suspicious.
With more and more people moving to a cloud environment, it is a target for cybercriminals. However, storing your data in the cloud is still more secure than doing so on your machine at home or in the office.
Note, however, that if you operate on the cloud, you are still the custodian of that data, and therefore liable.
8. How can I mitigate risk on social media platforms?
The more personal information you share online, the more exposed you are. You have no recourse once your information is in the public domain. Cybercriminals can build in-depth profiles based on this information in order to exploit you or impersonate you for phishing attacks.
Be very careful with the amount of personal information you share online and on social media and do not post information like your real-time location. (Note that cyberstalking is another form of cybercrime.) Some antivirus software can now scan your social media feeds for scams and malicious links.
9. How should I manage my passwords?
You can actually manage your passwords yourself quite effectively simply using an Excel spreadsheet. However, paid antivirus software will also have a password manager (vault) and can generate secure passwords for you. It is not advisable to store your passwords on, for instance, Google Chrome’s password manager.
In addition to the password tips under ‘minimum security requirements’ for cyber insurance below, it is a good idea to use a phrase (a combination of words) rather than just one word in conjunction with numbers and symbols. The longer your password, the more difficult it is to hack.
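To put numbers on the point about length, the following added example (not part of the original article) estimates how the brute-force search space grows as words are added to a passphrase, and generates one with Python's `secrets` module. The word list is a small constructed sample, and the 7776-word list size and the guessing rate are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed sample word list (assumption); real lists hold thousands of words.
WORDS = ["safari", "harbour", "mountain", "voucher", "lantern", "protea",
         "compass", "vineyard", "kettle", "baobab", "ferry", "granite",
         "orchid", "saddle", "tunnel", "marula"]
SYMBOLS = "!@#$%&*?"
DIGITS = "0123456789"


def passphrase_bits(list_size, n_words, n_digits=0, n_symbols=0):
    """Entropy in bits when every part is picked uniformly at random."""
    return (n_words * math.log2(list_size)
            + n_digits * math.log2(len(DIGITS))
            + n_symbols * math.log2(len(SYMBOLS)))


def generate_passphrase(n_words=4, words=WORDS):
    """Random words joined by '-', followed by one digit and one symbol."""
    if n_words < 1:
        raise ValueError("need at least one word")
    parts = [secrets.choice(words) for _ in range(n_words)]
    return "-".join(parts) + secrets.choice(DIGITS) + secrets.choice(SYMBOLS)


def years_to_search(bits, guesses_per_second=1e10):
    """Years to try every combination at an assumed guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    big_list = 7776  # size of a diceware-style word list (assumption)
    for n in (1, 2, 4, 6):
        bits = passphrase_bits(big_list, n, n_digits=1, n_symbols=1)
        print(f"{n} word(s) + digit + symbol: {bits:5.1f} bits, "
              f"{years_to_search(bits):.3g} years at 1e10 guesses/s")
    print("example:", generate_passphrase())
```

Each extra randomly chosen word from a 7776-word list adds about 12.9 bits, so the search space grows far faster from adding words than from adding a single digit or symbol to one word.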
10. How can you respond to a cyber incident?
You should immediately assemble an incident response team comprising top management as well as the following:
- Insurance broker and underwriter linked to your cyber policy to ascertain how your policy will respond.
- Attorney who is experienced in cyber breaches.
- Forensics specialist to investigate how the incident occurred.
- Incident containment specialist tasked with cleaning up the systems, recovering data, removing any malware, and helping to quantify your business interruption.
- PR company to deal with crisis communications and the reputational damage associated with a cyber breach. You will also need to notify all affected parties.
- Remediation services specialist to deal with credit and identity theft monitoring.
It has been shown that the top 3 cost-reducing factors for companies who experience such an event are:
- Having an incident response team in place.
- Extensive use of data encryption.
- Participation in risk sharing, e.g. cyber insurance cover.