Small businesses and self-employed people are big targets for hackers, and the financial implications can be crippling. Gone are the days of thinking “It’ll never happen to us.” A total of 61% of all data breaches this year occurred in businesses with fewer than 1,000 employees, according to the Verizon Data Breach Investigations Report.
Not only have hacks increased in frequency, but the impact on SMEs is getting much bigger.
But where do you begin? Many SMEs feel that being as secure as a big business is impossible. Corporations have large budgets, chief security officers and entire teams dedicated to cybersecurity. This perception stems from the impression that hacks are vastly complicated, and rely on a tireless horde of highly skilled attackers. Most hacks aren’t like that. The majority depend on poor passwords and a lack of awareness of what a hacker actually needs to compromise your systems — a simple phishing email or a leaked password and they’re in. It’s that simple.
Educating yourself and your staff is the only solution. Hackers always look for soft targets, so start with the basics.
1. Get a strong password
A total of 80% of hacking-related breaches use stolen passwords and/or weak or guessable passwords. Getting a strong password is the bare minimum. What’s more, it’s easier than you think. A lot of people don’t know that you can use spaces in your passwords. For example, “horse mug table” is a much better password than “Horse123.”
2. Then make your password unique
Having a single strong password doesn’t count for much if that password then gets leaked. We’ve seen massive, trusted companies like LinkedIn and Yahoo leak millions of passwords over the last few years, which opens the door to wide-ranging cyber attacks. Password managers like LastPass and 1Password help you generate and keep track of unique and strong passwords.
3. Know what to look out for with phishing
Hackers are constantly sending “phishing” emails, trying to get you to click through to their website so that they can install malware or convince you to give them your password. Understanding what a hacker is trying to do and what to look out for is key. Poor syntax, incorrect spelling, or email addresses and links that include a lot of full stops (for example, amazon.getcode.tickets.phishingattack.com) are all key warning signs.
4. Understand the information you’re already giving away
Phishing attacks rely on the amount of information we share about ourselves online. Famously, the hackers behind the celebrity iCloud leak in 2014 used information they’d gained from public posts to guess the answers to users’ secret questions. If your secret question is “The city I was born in” and you post that information on Facebook, then hackers have an easy way into your account.
5. Pay attention to Web page URLs
When you see “http” in a web page URL, that means your communication with that page is unencrypted. Any communication could easily be read by a hacker waiting on that page; “http” is a warning sign to look out for if you ever think you might have stumbled onto a phishing or generally suspect website. If you’re ever entering sensitive information like credit card numbers or personal details, make sure the website has “https” in the website URL. That way you’re more secure.
6. Update your software
Software is updated for a reason. Usually companies like Microsoft or Apple will discover a vulnerability that might let hackers in, fix it, then offer an update. Always take them up on it. We saw with the WannaCry attack earlier this year what happens when organizations don’t install patches (updates bringing computer systems to the most up-to-date version) and security updates. Unpatched vulnerabilities offer gaps into your systems that hackers use to install malware and ransomware, or to just gain control of your systems.
7. Encrypt everything
Should a breach happen, you want to make sure whatever information hackers get their hands on is, at the very least, difficult for them to understand. Encrypting your hard drives and databases with a modern algorithm like AES-256 is a key defensive tool to protect your data in the event of a breach. It’s quick and easy to do. For more info you can check out this post by FreeCodeCamp to do it in under an hour.
Knowledge is the key to cybersecurity, but it’s important to think about the underlying structure of your business and the way it handles data more broadly. Organization-wide controls and data-protection policies help define sound technological defense, and ensure you know how to respond in the event of a breach. Just remember that industry standards like an ISO 27001 certification and SOC 2 are beneficial, but only when combined with education and good user behavior.
By Sam Nixon for CIO Today
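The link warning signs from tips 3 and 5 above (a lot of full stops in the address, and “http” instead of “https”) can be checked mechanically before a link reaches staff. The following Python is an added example, not part of the original article; the allowlist, the dot threshold and the function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration: domains the business really deals with.
TRUSTED_DOMAINS = {"amazon.com", "example-bank.co.za"}
MAX_DOTS = 3  # assumed threshold for "a lot of full stops"; tune to your own mail


def url_warning_signs(url, trusted=TRUSTED_DOMAINS, max_dots=MAX_DOTS):
    """Return the warning signs found in a link (an empty list means none found)."""
    has_scheme = "://" in url
    # Bare host names such as the article's example carry no scheme to judge.
    parts = urlsplit(url if has_scheme else "//" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    signs = []

    # Tip 5: plain http means the connection to the page is not encrypted.
    # (https only protects the connection; it does not prove who runs the site.)
    if has_scheme and parts.scheme != "https":
        signs.append("not-https")

    # A host is trusted only if it IS a trusted domain or a subdomain of one;
    # the match is made from the right-hand end of the name.
    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)

    if not on_trusted:
        # Tip 3: a long chain of dot-separated labels in the host name.
        if host.count(".") >= max_dots:
            signs.append("many-dots")
        # A trusted brand's name used as one label of some other domain, as in
        # the article's amazon.getcode.tickets.phishingattack.com example.
        brands = {d.split(".")[0] for d in trusted}
        if brands & set(host.split(".")):
            signs.append("brand-in-untrusted-host")
    return signs


if __name__ == "__main__":
    for link in ("amazon.getcode.tickets.phishingattack.com",
                 "https://www.amazon.com/orders",
                 "http://www.amazon.com/"):
        print(link, "->", url_warning_signs(link))
```

An empty result means only that none of these signs were present; it is not a verdict that the link is safe.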
Statistics from the South African Fraud Prevention Service (SAFPS) show that identity theft has increased by 200% over the past six years.
Manie van Schalkwyk, the executive director of the SAFPS, says you should avoid “investment” schemes that promise unrealistic returns.
“Consumers also regularly fall victim to several types of advance-fee fraud and often divulge their personal details in the hope of winning a prize in a competition that they never entered,” Van Schalkwyk says.
He says you should do the following to prevent your identity from being stolen:
• Treat your identity document, driver’s licence and personal documents as you would cash. Do not leave them lying around the house or in your car.
• Shred documents before throwing them away.
• Clear your letterbox regularly, particularly if you live in a complex where letterboxes are accessible to a number of people.
• Do not click on URLs (links to websites) in SMSes or emails unless you have initiated the transaction and are certain they are from an authentic source.
• Be cautious about sharing your personal information, particularly when applying for services online.
If you lose your identity document or credit card, Van Schalkwyk says you should contact the SAFPS to apply for protective registration on its database.
“The benefit of protective registration is that all member organisations, including banks, clothing and furniture retailers, and some insurance companies, have access to the SAFPS database, and any identity theft or fraud will be flagged and can be prevented. This is a free service.”
To apply for protective registration, SMS the word “Protectid” to 43366, phone 011 867 2234 or 0860 101 248, or email email@example.com
The rand tanked on Monday after the Public Protector recommended changes to the Constitution that would see the removal of a clause to protect the currency.
Public Protector Busisiwe Mkhwebane announced her findings after her investigation into the South African Reserve Bank’s assistance to Bankorp between 1985 and 1995, which Absa bought in 1992. She wants Absa to repay R1.125bn, a move the bank refutes as it believes it has paid all money owed.
However, her big remedial action was a recommendation that the Portfolio Committee on Justice and Correctional Services change the Constitution.
It “must initiate a process that will result in the amendment of section 224 of the Constitution, in pursuit of improving socio-economic conditions of the citizens of the republic, by introducing a motion in terms of section 73(2) of the Constitution in the National Assembly and thereafter deal with matter in terms of section 74(5) and (6) of the Constitution”.
She wants section 224 of the Constitution to read:
“The primary object of the South African Reserve Bank is to promote balanced and sustainable economic growth in the Republic, while ensuring that the socio-economic well-being of the citizens are protected.
“The South African Reserve Bank, in pursuit of its primary object, must perform its functions independently and without fear, favour or prejudice, while ensuring that there must be regular consultation between the Bank and Parliament to achieve meaningful socio-economic transformation.”
Mkhwebane’s suggestion removes reference to “protect the value of the currency”, Bloomberg told traders on Monday.
The Constitution currently states: “The primary object of the South African Reserve Bank is to protect the value of the currency in the interest of balanced and sustainable economic growth in the Republic.”
Opening Pandora’s box
Nomura economist Peter Montalto said the rand is taking a knock because it’s “not a good headline … it’s a live wire issue”.
“Even if a change here is not likely to actually occur, the risk of it is important to markets and ratings agencies,” he said in an emailed comment to investors.
“This is quite unusual that a Public Protector has been so specific on changing the Constitution or indeed be so radical on transformation.”
“This is touching the real last Pandora’s box,” he said. “Note, whilst the PP is meant to be independent she is widely viewed as a Zuma loyalist.
“I don’t think this is going to happen in the short to medium run. The ANC cannot really muster the support to change the Constitution in Parliament and would require a two-thirds majority.
“What the worry is here is that actually it’s much, much easier than that. You just need a new MPC (monetary policy committee) mandate, which is done by a letter from the FinMin to MPC and can be done technically at any time.
“I do not think (Finance Minister Malusi) Gigaba is going to do that, but this raises the risk and promotes the idea in public debate about how secure this last bastion of an institution is.
“The SARB is also one of few ratings positives for the ratings agencies,” he said. “The very fact this issue is being raised and the SARB dragged into the debate is negative.
“However, I see the SARB leadership strongly and resolutely defending their independence and existing mandate including via court action if necessary.”
By Matthew le Cordeur for News24
Exposure to the elements can be detrimental to unprotected wood, leaving it warped, discoloured and unappealing. Protect your wooden surfaces with Woodpro Water-Based Wood Sealer from Prominent Paints, a new lead free, low odour product launched in the Woodpro range, now in store and available in 1l or 5l tins.