$15-million stolen in OR Tambo heist

Suspected bogus police stole an estimated $15-million (R194,2-million) in cash in a daring late night robbery at Johannesburg’s O.R. Tambo International Airport.

The heist occurred when “police” stopped GuardForce personnel as they were transporting the money to an awaiting flight bound for London on Tuesday night.

Continue reading

Vehicle tracking company Ctrack has released it hijacking and crime statistics, detailing the hijacking hotspots across South Africa’s biggest cities, and the time of day you’re most vulnerable.

The report is based on data and analytics collected by Ctrack from January through December 2016.

Ctrack found that car and truck hijacking is most common in South Africa’s most populated province, Gauteng, followed by other built up provinces such as KwaZulu Natal and the Western Cape.

The majority of hijackings were likely to occur between 18:00 and 23:59 in Gauteng and KwaZulu-Natal, and between 00:00 and 05:59 in the Western Cape. You are also more likely to be hijacked on a Tuesday.

According to the latest crime statistics report released by the SAPS in September 2016, cases of hijacking have increased significantly across the country.

The most recent crime stats revealed that there were over 14,600 reported car hijackings between 2015 and 2016, up 14.3% from 12,770 cases in the prior period.

Statistically, this shows that 40 cars are hijacked every day in South Africa (versus 35 in 2015), or roughly one car every 36 minutes.

Source: BusinessTech

New PayPal phishing scam surfaces

Cyber-crooks are sending out spam emails that falsely warn recipients that their PayPal account activity has been temporarily limited, citing an account fraud issue.

A phishing email scam that warns PayPal users of possible fraudulent account activity in hopes of scaring personally identifiable information out of them is currently making the rounds.

According to a blog post from ESET, the phishing emails falsely inform recipients that PayPal has detected “unusual activity” on their accounts and has “temporary limited what you can do” until the possible security issue can be resolved. Clicking the log-in button on these emails redirects victims to what appears to be a legitimate log-in screen – it even displays an SSL certificate to sell its supposed authenticity – but is actually a fake PayPal web page hosted on a malicious domain.

After victims “log in,” the fake PayPal site displays another message informing victims that they will not be able to withdraw funds for 15 days, unless the issue is addressed further. Those who click a “Continue” button to proceed are then asked to enter even more detailed information, including their Social Security number, address, phone number, birthdate and mother’s maiden name.

As phishing scams go, this one is convincing, but there are still some clues that PayPal did not send this alert, ESET reported. For instance, the email contains minor grammatical and syntax errors, and the fake web page’s request to enter your home country is unusual, considering it also asks for your Social Security number, which only applies to the US.

By Bradley Barth for www.scmagazineuk.com

The Deputy Minister of Justice and Constitutional Development, John Jeffery, said the country’s new Cybercrimes and Cybersecurity Bill will be tabled in Parliament soon.

The Bill has already been approved by Cabinet.

“The Bill aims to put in place a coherent and integrated cybersecurity statutory framework to address various shortcomings which exist in dealing with cybercrime and cybersecurity in the country,” stated the SA Government website.

The purpose of the Cybercrimes and Cybersecurity Bill is to:

  • Create offences and prescribe penalties;
  • Further regulate jurisdiction;
  • Further regulate the powers to investigate, search and gain access to or seize items;
  • Further regulate aspects of international cooperation in respect of the investigation of cybercrime;
  • Provide for the establishment of a 24/7 point of contact;
  • Provide for the establishment of various structures to deal with cybersecurity;
  • Regulate the identification and declaration of National Critical Information Infrastructures and provides for measures to protect National Critical Information Infrastructures;
  • Further regulate aspects relating to evidence;
  • Impose obligations on electronic communications service providers regarding aspects which may impact on cybersecurity;
  • Provide that the President may enter into agreements with foreign States to promote cybersecurity; and
  • Repeal and amend certain laws.

How it will affect you

Michalsons law firm has published an overview of the Cybercrimes and Cybersecurity Bill, explaining why we need it and who will be affected by it. The bill is aimed at keeping South Africans safe from cybercrime and consolidates the country’s cybercrime laws into one place.

People who will be affected by the new bill include “everyone who uses a computer or the Internet”, along with:

  • People involved with IT or POPI compliance;
  • Electronic Communications Service Providers;
  • Providers of software or hardware tools that could be used to commit offences;
  • Financial services providers;
  • Owners of copyrights and pirates;
  • Information Security experts; and
  • Anyone who owns an Information Infrastructure that Government could declare as critical.

What the bill deals with
The bill creates around 50 new offences, which are related to data, messages, computers, and networks, said Michalsons.

These offences include:

  • Using personal information or financial information to commit an offence;
  • Hacking;
  • Unlawful interception of data;
  • Computer-related forgery and uttering; and
  • Extortion or terrorist activity.

The penalties for these offences range from 1-10 years in prison or up to a R10-million fine.

The bill also aims to protect critical infrastructure of a strategic nature from interference and disruption.

This infrastructure includes that which aids in keeping the country’s security, defence, and law enforcement operational; and provides essential services.

Powers to investigate

“The Cybercrimes and Cybersecurity Bill gives the South African Police and the State Security Agency extensive powers to investigate, search, access, and seize just about anything – like a computer, database, or network,” said Michalsons.

As part of the requirements of the bill, the Minister of Police must establish a National Cybercrime Centre and a Cyber Response Committee, of which the chairperson will be the Director-General: State Security.

The Minister of Defence must also establish and operate a Cyber Command, while the Minister of Telecommunications and Postal Services must establish a Cyber Security Hub.

Source: www.mybroadband.co.za

Safety deposit boxes are not so safe

 

Those of us who don’t rent bank safety deposit boxes for our valuables probably imagine the set-up to involve fingerprint-accessed vault-like doors and a cobweb of alarmed beams, as in the movies.

It wasn’t quite like that, said one of the victims of the December 18 First National Bank Randburg branch heist in which 360 boxes were stolen.

“Zai” of Randburg, who did not want to be named, happened to be at the bank yesterday when most of the boxes were returned to the branch by what appeared to be a private security company.

Police found the empty boxes dumped near FNB Stadium in Soweto two days after the heist.

All the valuables, including watches, Krugerrands, and jewellery passed down generations were gone. Only documents such as title deeds were left behind.

Zai’s family had rented the box since about 2004, she said, and at the time of the theft were renting it at R120 a month.

“Ironically, it was quite a big deal for us to access our boxes,” said Zai, who last did so in October.

“You had to make an appointment at least 24 hours in advance.

“Someone would meet you and take you into a room, and lock the door behind you. I’d have to produce my ID, then he’d go into another room, a vault, where the boxes were kept, lock that door behind him and then pass my box to me through a slot in the wall.

“I never saw any of the other boxes. I opened my box with two keys, in my possession, and then I’d be left alone to do what I needed to do, and then I’d phone to say that I was finished, so they could take the box back into the vault.

“It seemed very safe and professional,” she said.

In early December Zai’s husband asked her to collect their six expensive watches from the box to have them serviced.

“But I was too busy and now they are all gone,” she said.

FNB’s safety deposit contract states the bank will not be legally responsible “under any circumstances for any loss or damage that may occur to the contents” and officials have said they had no way of knowing what was in the stolen boxes and urged clients to insure the contents of the boxes.

By Wendy Knowler for Timeslive

Beware the data breach

South African organisations need to prioritise the protection of confidential information or face putting their businesses at risk of hefty financial penalties, irrevocable reputational damage, and even legal repercussions, a leading information security company has warned.

With the average data breach costing South African businesses R28.6 million each year, Shred-it South Africa said organisations cannot afford to ignore the importance of implementing robust information security policies and practices. The loss of confidential information can also impact customer confidence and may also put businesses at risk of legal action.

“Many South African businesses are not aware of the costly impact that a data security breach can have, both in terms of lost business and non-compliance fines. It’s more than a financial risk; damage to a hard earned reputation is time-intensive and costly to repair. Prevention is always better than a cure, and I urge organisations in South Africa to make sure information security is top of the business agenda,” says Tony Fitzpatrick, country manager at Shred-it South Africa.

Businesses also need to be aware of the legal requirements when it comes to protecting confidential information. According to Shred-it’s Security Tracker Survey, only 37% of SMEs understand the implications the forthcoming enforcement of the Protection of Personal Information (POPI) Act will have on their business compared to 70% of C-Suite Executives. However, the enforcement of POPI will hold all businesses accountable should they abuse or compromise personal information in any way. Organisations could face substantial financial penalties of up to R10 million, or a prison sentence of up to 10 years could be imposed should an entity be in breach of the legislation.

“The clock is ticking for businesses when it comes to being properly prepared to meet the terms of the POPI Act. When the POPI Act comes into full effect, it is crucial that all businesses adhere to the outlined requirements of the legislation when collecting, processing, storing and sharing another entity’s personal information. Businesses should note that the POPI Act is more than a compliance checkbox exercise; it is ultimately for the benefit of business, by ensuring that all information is securely protected so that organisations can build trust with their customers, employees and partners,” Fitzpatrick concludes.

Shred-it, which helps businesses in South Africa to improve their information security practices and protect their workplaces against the damage caused by data breaches, has issued the following five tips to help organisations put information security at the forefront of business planning:

• Schedule regular information security audits to identify problem areas where confidential information could go astray, e.g. printer stations and meeting rooms. Put measures in place to ensure that documents are securely disposed of, e.g. reminding staff to keep documents secure and store them in locked consoles or containers when they are no longer needed, ready for secure disposal.

• Introduce a Shred-it all Policy, which means all documents are destroyed prior to disposal. This means employees do not need to make a decision as to what is or is not confidential when disposing of paperwork. The decision to use the recycling bin or shredding container is often left to chance or convenience where both options are available. In practice, when outsourcing to a secure destruction provider such as Shred-it, all shredded paper is recycled, keeping you secure and protecting the environment at the same time.

• A clean desk is one of the simplest yet most effective safeguards that can significantly reduce the risk of a data breach. A formal Clean Desk Policy directs employees to put away all paper documents and lock all electronic equipment when leaving workstations, so confidential information is not at risk of falling into the wrong hands or left vulnerable to ‘visual hacking‘ from unauthorised prying eyes.

• Ensure employees are informed about the risks associated with data protection breaches and are well trained on which documents they should consider shredding as well as how to dispose of electronic data.

• Work with a reputable professional information destruction company that not only has a secure shredding process but can offer guidance and help with implementing robust information security practices.

Platinum:

       

Gold:

Silver:

           

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top