Tag: security

Source: IOL

Giant South African retail chain Shoprite Group has tightened the screws on criminals targeting its stores.

The supermarket chain said that its efforts to prevent crime and protect its customers and employees, by employing a team of security experts comprising ex-police officers and by using technology, have resulted in a 16% year-on-year decline in violent and serious crime, including armed robberies and burglaries, from July 2020 to May 2021.

The in-house team – operating from a centralised command centre – is involved in the entire process from identifying suspects to their arrest, being in court to oppose bail, working with police to ensure they have a complete and accurate docket, working with the National Prosecuting Authority and providing evidence in court, to do everything it can to ensure criminals are prosecuted.

Shoprite said crime and high-risk situations are picked up through store and fleet monitoring, live information feeds and the group’s intelligence network, and security devices are immediately triggered.

When robberies do take place, the team is proving highly effective in securing arrests and prosecution, and the Group is becoming known for its capability to identify, trace and arrest suspects.

Head of Group Security & Loss Prevention, Oswald Meiring, believes Shoprite is a retail industry leader with its initiatives which are centred around a team of in-house investigators, which include former police members and detectives, with a unique mix of skills and extensive experience in commercial crime, fraud, serious and violent crime.

The team’s network includes informants, third parties working exclusively for it and an expert criminal lawyer.

The command centre team makes extensive use of technology and software systems including electronic dockets, suspect photo albums and evidence files.

A team of data and crime analysts do predictive analysis, identify suspects, and link suspects to each other and to the crime scene.

This technology, including video footage and a chain of evidence, has been critical in court proceedings.

The net result is that the investigation team made 752 court appearances, including postponements, bail, testifying and sentencing, in the 11 months from July 2020 to May 2021.

It secured 64% more guilty findings and/or convictions than the previous 12 months, amounting to 303 years and six months of prison sentences and 46 years and six months of suspended sentences.

The team has been instrumental in 200 arrests in the first 11 months of this financial year. The majority (54%) of crimes currently in court are for armed robbery, 26% are for theft and the rest include crimes such as arson, assault, looting, burglary and fraud.

As some cases were postponed in the last year due to lockdown restrictions, the team is currently in court every day.

Meiring says the Group focuses on fighting crime because it is the right thing to do as a concerned and responsible corporate citizen. “We also believe that securing arrests and sentences for crimes acts as a deterrent and ultimately reduces crime. We believe this is an important element of our contribution to make South Africa a safer environment for everyone.”

The Shoprite Group encountered specific lockdown-related challenges and benefits. Increased unemployment led to more opportunistic crimes, and mask-wearing made it more difficult to identify suspects. However, suspects couldn’t move around freely, resulting in increased arrests, while curfew hours also helped to detect criminal activity more quickly and easily.

The Group appeals to members of the public to report any suspicious or criminal behaviour immediately and anonymously by calling its toll-free number 0800 11 88 79 or by sending an email to service@asesa.co.za.

 

By Wendy Tembedza for Webber Wentzel

All businesses with employees, customers and suppliers must comply with POPIA, which comes into effect on 1 July 2021. Here’s a practical guide to the most important aspects.

With the commencement date of the Protection of Personal Information Act 4 of 2013 (POPI) of 1 July 2021 fast approaching, businesses should be reviewing their use of personal information to determine if it complies with the Act. It is important to understand that any business that has employees, customers and suppliers must comply with POPI when dealing with personal information. Below are a few tips on ways businesses can kick-start their compliance exercise.

Figure out what personal information you process and why
Under POPI, a business must be able to justify why it holds personal information based on one of the several justifications set out in POPI. This is a good opportunity for a business to assess what information it collects (whether from employees, customers, service providers or other third parties such as credit bureaus) and review whether that information is actually necessary for the purposes for which it was collected. In this regard, minimality is key – a business should not collect more personal information than is required. Importantly, the term “personal information” is defined very broadly to mean any information that can be used to identify an individual person or another business entity.

Get rid of what you don’t need
Under POPI, a business cannot keep a record of personal information once the reason for which it was collected no longer exists, unless required by law. For example, unless required by law, a business should not keep personal information of any former supplier when the relationship has ended. Businesses should therefore check whether they are holding onto any old records of personal information that they no longer need and dispose of them in a secure manner. It is important to note that more data means more risk and it is best to purge what is not required.

Look at security
Correct management of personal information means appropriate security must be in place to protect it. POPI requires a business to put in place “appropriate, reasonable technical and organisational measures” to prevent loss, theft or damage to personal information. The suitability of security measures will depend on the business and the type of personal information it holds.

Marketing
Opt-out marketing emails and SMSes are a thing of the past under POPI. Unless a person is an existing customer, a business cannot send him or her marketing emails or SMSes without first getting consent from the person. Any request for marketing consent must include language that is set out in Regulations to POPI. Businesses should therefore review their direct marketing practices.

Go for the easy wins
POPI compliance may seem like a daunting task but there are some “easy wins” when it comes to compliance. Basic documents used by the business will likely need updating for POPI compliance. These include company privacy policies and employee and supplier contracts. All of these documents should aid the business in proving its compliance with POPI.

How to test your password strength

By Devon Delfino for Business Insider US

Creating and maintaining secure passwords may seem like a hassle, but it’s a modern necessity if you want to keep your information safe.

To help you understand what makes a secure password, and how to validate the strength of your password using online security tools like NordPass, here’s a quick breakdown of everything you should know about safeguarding your online identity.

How to ensure your password is secure
The core characteristics of a strong password are length (NordPass suggests 12 or more characters) and an unpredictable mix of upper and lower case letters, numbers, and symbols, with no ties to obvious personal information.

Most people are aware of the basics of password best practices: It shouldn’t include something that’s easy to guess, like names of children, birthdays, or house numbers. And you should never use commonly used passwords, or variations of them. Avoid the likes of “password” and “PaSSw0rd,” or “123456” and “123456-Devon,” for instance.

Beyond creating an unpredictable sequence of letters and numbers that is meaningful to you and only you, there are other tips to help keep your password strong and secure:

  • Don’t reuse passwords: Different passwords for different accounts is always a good idea. That way, if one account is compromised, the breach is contained.
  • Don’t write your password down: While it may seem like a good idea to have a physical copy of your usernames and passwords for quick reference, this can open you up to security issues in the real world.
  • Use a password manager: A password manager is a solid tool that can help keep you organised. These store your various passwords in a secure account, and typically provide a simple solution for easily storing, managing and filling in your passwords. Some examples of password managers include NordPass and LastPass.
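The rules above can be checked mechanically. The following is an added example, not code from the article or from NordPass: it applies the 12-character minimum, the character-class mix, and the "variation of a common password" rule to the article's own examples. The common-password list, the substitution table and the `personal_terms` parameter are assumptions made for illustration.

```python
import string

MIN_LENGTH = 12  # minimum length the article attributes to NordPass

# Constructed sample; a real check would load a large breached-password list.
COMMON_PASSWORDS = ("password", "123456", "qwerty", "letmein")

# Character substitutions undone before comparing (assumed, minimal table):
# 0->o, 1->l, 3->e, 4->a, 5->s, @->a, $->s
LEET = str.maketrans("01345@$", "oleasas")


def _forms(text):
    """Return the lower-cased text as typed and with substitutions undone."""
    lowered = text.lower()
    return {lowered, lowered.translate(LEET)}


def audit_password(password, personal_terms=()):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []

    if len(password) < MIN_LENGTH:
        findings.append("too_short")

    has_class = (
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation or c == " " for c in password),
    )
    if not all(has_class):
        findings.append("missing_character_class")

    forms = _forms(password)

    # Catches "PaSSw0rd" (case and substitution) and "123456-Devon"
    # (a common password with something appended).
    if any(common in form for common in COMMON_PASSWORDS for form in forms):
        findings.append("common_password_variation")

    # Names, birthdays or house numbers supplied by the caller.
    if any(term.lower() in form
           for term in personal_terms if term
           for form in forms):
        findings.append("personal_information")

    return findings


if __name__ == "__main__":
    samples = [
        ("PaSSw0rd", ()),
        ("123456-Devon", ("Devon",)),
        ("v9#Tq2!mLx@4Rz", ()),  # constructed random-looking sample
    ]
    for pw, terms in samples:
        print(f"{pw!r}: {audit_password(pw, terms) or 'no findings'}")
```

Note that “123456-Devon” satisfies both the length and the character-mix rules and is flagged only by the common-password and personal-information checks, which is why composition rules alone are not enough.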

How to check your password’s strength and security

There are many web-based tools that can help rate your password strength, but it’s important to choose one that you trust with your credentials.

An industry-trusted password checker you can use is one from NordPass, a password management tool by the VPN service provider NordVPN.

To understand how NordPass rates your password strength, it’s important to learn the main methods hackers use to steal passwords.

These methods include:

  • Brute force attack: This is when someone tries to simply guess your username and password using trial and error, via a computer program. This allows a hacker to try many different combinations of your login information.
  • Dictionary attack: This attack type is a systematic way of guessing passwords, and typically employs commonly used passwords (like variations of “p@ssworD”).
  • Phishing techniques: This is when someone tries to get you to reveal your personal information, like your social security number or passwords, via email or text message. The key here is that phishing scams can look like they’re coming from a company you trust or know.
  • Credential stuffing: When a company’s security is compromised, users are left potentially open to credential stuffing. That’s when people purchase your compromised information off the dark web and then use the login from that source to try to access other accounts on popular websites. So if you re-use your passwords for multiple accounts, you can leave yourself open to this method of digital theft.

With that in mind, here’s how to use NordPass’s online strength checker tool:

  • Go to the NordPass secure password page and click “No, use online strength checker.”
  • Input your password in the text bar.
  • NordPass will immediately rate it for you, and provide information about your password composition, an estimate of how long it would take someone to crack your password, and if your password has been previously exposed in a data breach.

Postbank forced to replace 12m bank cards

Source: MyBroadband

Postbank needs to replace 12-million bank cards at a cost of R1-billion after its “master key” was compromised, the Sunday Times reported.

Citing several internal Postbank reports, the Times found that the bank’s master key was stored in plaintext during a data centre migration in July 2018. Two staff members also stored the key in plaintext on USB flash drives and one of the drives can’t be located.

One of the internal reports cited in the article, an overview of financial crime, reportedly stated that Postbank found 25,000 fraudulent transactions between March 2018 and December 2019. R56 million was stolen.

The master key was generated in January 2018, according to the report.

The article described the master key as a 36-digit code which allows anyone to read and write account balances, and read and change information on any of the cards the bank has issued.

The Post Office denied that its master key for Postbank’s cards had been compromised, saying that the “stories” were unfounded and only seek to create panic among Postbank’s clients.

Postbank’s clients include millions of social security beneficiaries who receive grants from the government every month.

No audit trail
Referring to another internal report titled “Overall IT Security Register” from January 2020, the Sunday Times reported that the Postbank had no logging in place to trace fraudulent transactions.

Postbank was not able to audit when an account was accessed, who accessed it, and what was done on the account.

A spokesperson for the Post Office said that it is on record that “systematic difficulties” were uncovered with the “reconciliation functionality” of the integrated grant payments system, and that the issue has been resolved.

R42-million stolen from Postbank in 2012
This is not the first time information security problems at Postbank have resulted in money being stolen.

In 2012, a syndicate stole R42 million from Postbank in a heist that took place over the New Year holidays — between 1 January and 3 January.

The syndicate opened several Postbank accounts across South Africa towards the end of 2011, and over New Year’s they gained access to a Rustenburg Post Office employee’s computer. From there the syndicate made deposits from other accounts into its own.

Over the next three days, automated teller machines in Gauteng, Free State and KwaZulu-Natal were used to withdraw cash from the accounts.

By Phillip de Wet for Business Insider SA

Scammers are separating helpful South Africans from their money in what appears to be a wave of fraud that relies on hijacking WhatsApp accounts – and then simply asking for money.

The scammers first take control of a victim’s phone number, usually by porting the number to a new service provider, and so associating it with a SIM card under their control. That allows them to receive confirmatory SMSes from WhatsApp, and so take control of an existing account, while the now-offline victim is none the wiser.

Now able to impersonate the victim, the scammers access the phone numbers of friends and acquaintances, in many instances seemingly just waiting for incoming messages, or by way of WhatsApp groups to which the victim belongs. Then they simply ask for money.

Number porting has in the past often been used to intercept one-time PIN (OTP) numbers – but that requires scammers to have control of bank accounts, either by skimming credit card information or stealing login details for online banking.

In the current wave of scams, the attackers do not need such access. Friends of victims are asked to send money via services such as First National Bank’s eWallet, which sends the code required to withdraw money from an ATM via SMS – with the cash immediately available.

As of Wednesday it was not yet clear how widespread the new scam was, with network operators saying they were detecting only a small number of fraudulent attempts to port numbers – while many people said they were receiving worrying notifications, or had already seen their friends approached for money.

Here’s how to protect yourself against both sides of the latest WhatsApp hijacking scam.

Turn on security notifications in WhatsApp.
WhatsApp will alert you when a contact changes their phone – if you let it. For those in many big WhatsApp groups – with people who like to switch phones – the constant messages that a contact’s “security code has changed” can become annoying, so some people turn it off.

If you are one of those people, turn those notifications back on by going to “settings”, then selecting “account”, and from there “security”.

Should a “friend” ask for money shortly after their security code changes, be extremely suspicious.

Don’t ignore porting SMSes.
Cellphone companies will send out a notification, by SMS, before porting a number – but will consider no response as permission. If you receive an SMS that warns your number is to be ported, do not ignore it.

If you are worried that message might be a scam in itself, phone your network provider on the usual service number.

Don’t turn off your phone if you’re getting annoying calls.
Some victims of porting say they were bombarded by annoying phone calls before their numbers were hijacked. The idea behind constantly ringing your number is to make you turn off your phone – so that you won’t receive porting notifications, and won’t notice you have suddenly been kicked off the network.

If someone keeps phoning then putting down the phone before you can answer, or you keep receiving calls with nobody on the other side, assume you are being scammed, and rather put your phone on silent while watching out for SMSes.

Don’t ignore a loss of cellphone signal.
If your phone suddenly won’t connect to your mobile network – and you aren’t in the middle of nowhere, or in an area being load-shed – assume your number is being hijacked, and get in touch with your network service provider as soon as possible.

Don’t register a new WhatsApp account if you change phone numbers, update your number instead.
Some victims of WhatsApp identity fraud believe they were impersonated after their former, abandoned cellphone numbers were recycled by network operators.

If you are switching numbers and want to be sure nobody can pretend to be you in future, you can change the phone number associated with your WhatsApp account.

If you really care about your security, enable the PIN function on WhatsApp.
For ultimate protection, you can create a six-digit PIN number in WhatsApp, without which it should be impossible to register on the service – so that no number-porting scam or other mechanism will let someone steal your identity.

There is no better way to protect yourself, but this two-step verification measure comes with a couple of caveats. If you do not associate an email address with that PIN, or lose access to the email address you register, you are in deep trouble if you ever forget your PIN. Also, WhatsApp will from time to time demand the number from you, which could get annoying.

The PIN activation is under “settings”, “account”, and then “two step verification”.

By Aaron Holmes for Business Insider US

The most effective way to protect yourself against hackers is to build good password habits, experts say.

Cybersecurity experts shared straightforward tips with Business Insider that can make it exponentially harder for hackers to break into your account.

There’s no reason that your password should be a single word – a “passphrase” consisting of multiple words is much safer.

If your password is one word, you’re doing it wrong – it’s time to upgrade to a multi-word “passphrase.”

Password strength is one of the most important pieces of online security. The vast majority of hacks result from phishing – the act of guessing users’ login credentials based on information gleaned from messages and online profiles – which stems from human error and is easily preventable.

Hackers are also developing increasingly sophisticated methods to track and exchange people’s passwords, making preventative action all the more crucial.

Business Insider spoke to cybersecurity experts, who outlined simple steps users can take to make sure their online accounts are secure. Here’s what they recommend.

“‘Password’ is a bit of a misnomer. What you should actually be using is a passphrase,” says Kiersten Todt, managing director of the Cyber Readiness Institute and a former cybersecurity adviser to the Obama administration.

“Make that passphrase as long and difficult as possible,” Todt added. Four words long is safe, and five is even safer.
Contrary to popular belief, it’s perfectly fine to use spaces in your password. Many major sites, like Google and Facebook, accept “space” as a valid password character.

A “passphrase” is stronger than a single password because it increases entropy, or the amount of randomness in a password, making it harder to guess.
The creators of ProtonMail, a security-minded email service, say multi-word passphrases are a solution to the problem that “we humans are bad at creating randomness, and we’re bad at remembering things.”

Unlike complex one-word passwords with lots of special characters, passphrases are easy to remember. “If your ‘secure system’ isn’t easy to use, people won’t use it, negating the security benefit,” the ProtonMail team argues.

Even when using passphrases, it’s crucial to change your password: “The people who are getting hit by hacks are the low hanging fruit who reuse the same passwords,” according to Alex Heid, chief technology officer at SecurityScorecard.
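The entropy argument for passphrases can be made concrete. The following is an added example, not code from the article or from ProtonMail: it computes the entropy of a randomly drawn passphrase, compares it with a random character password, and generates a passphrase with a cryptographic random source. The 7,776-word list size (the size of the Diceware and EFF long word lists), the 94-character printable set and the guess rate are assumptions, and the embedded 16-word list is a constructed sample so the block runs offline.

```python
import math
import secrets

# Constructed 16-word sample list; real generators draw from thousands of words.
SAMPLE_WORDS = (
    "anchor", "bishop", "cactus", "dolphin", "ember", "falcon", "glacier",
    "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
    "orchid", "pebble",
)

WORDLIST_SIZE = 7776     # assumed list size (Diceware / EFF long list)
PRINTABLE_CHARS = 94     # letters + digits + ASCII punctuation, no space
SECONDS_PER_YEAR = 365 * 24 * 3600


def entropy_bits(choices, picks):
    """Entropy of `picks` independent, uniform draws from `choices` options."""
    return picks * math.log2(choices)


def words_needed(list_size, target_bits):
    """Fewest randomly drawn words that reach at least `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def average_crack_years(bits, guesses_per_second):
    """Years to search half the space at an assumed guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(words, count, sep=" "):
    """Draw `count` words with a CSPRNG. The entropy figures above hold only
    for words drawn this way, not for a phrase a person thinks up."""
    return sep.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    eight_chars = entropy_bits(PRINTABLE_CHARS, 8)
    print(f"8 random printable characters: {eight_chars:.1f} bits")
    for n in (4, 5):
        bits = entropy_bits(WORDLIST_SIZE, n)
        years = average_crack_years(bits, 1e10)  # assumed 10^10 guesses/s
        print(f"{n} random words: {bits:.1f} bits, ~{years:.3g} years on average")
    print("words to match 8 random characters:",
          words_needed(WORDLIST_SIZE, eight_chars))
    # The sample list gives only 4 bits per word; it is here to show the draw.
    print("sample draw:", generate_passphrase(SAMPLE_WORDS, 4))
```

Under these assumptions, four random words give slightly less entropy than eight random printable characters and five give clearly more, which matches the advice that four words are safe and five are safer.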

Discovery Bank discovered a system flaw on Monday which allowed incorrect credit card verification value (CVV) numbers to be used for online payments.

The CVV is the last three digits on the back of a bank card, and is considered critical as a last-ditch security measure against certain card fraud.

Business Insider South Africa was tipped off about the flaw, and on Monday morning was able to make payments with a random CVV code, such as 000.

  • Discovery Bank said it was alerted about the issue last week
  • The bank suffered no fraud losses due to the issue
  • The flaw has now been fixed
  • Previously, the Bank didn’t require further authorisation such as an OTP (one-time pin)
  • When Business Insider later tried to use an incorrect CVV number, a call centre agent phoned after the transaction to alert it that an incorrect CVV number had been used.

 

First National Bank (FNB) has announced that users will no longer be able to save their online banking passwords in their browsers.

Going forward, whenever a user wants to log into their account they will have to do so manually.

This forces users to keep their banking passwords secure.

“All stored passwords on your device can be viewed during a malware attack. Passwords can be easily accessed on your unattended/unlocked/stolen device,” FNB stated in a MyBroadband article.

FNB advises that users do the following to keep their passwords safe:

  • Do not share login details with anyone
  • Always use a different password for different websites. Avoid using the same one over and over
  • Report any fraudulent activity immediately to the FNB Fraud Centre: 087 575 9444
  • This change may interfere with various third-party password lockers such as LastPass

The Shoprite Group is fighting crime by investing heavily in sophisticated security and other measures to make its shopping space secure, reduce the number of criminal incidents and increase the number of arrests.

This is in the wake of the retail industry experiencing significant crime incidents in which the Shoprite Group had to contend with 489 armed robberies and burglaries in its 2018 financial year.

Its investments in crime prevention, including a centralised Command Centre and anti-crime team, give the Group the ability to monitor stores and vehicles, remotely trigger security devices, follow up on crime incidents and ensure suspects are arrested.

Through an extensive intelligence network, the Command Centre receives live information on strikes, protests and other incidents. This information can be used to react and take necessary measures to safeguard the Group’s fleet on the road as well as staff and customers in its stores.

Shoprite’s efforts to keep its customers and staff safe are reflected in a reduction of contact (violent) crime incidents and increased prosecutions. “It is a work in progress,” says Group Loss Prevention Manager, Oswald Meiring. “Incidents of violent crime and robberies are coming down, and we will continue to do everything we can to make us a harder target.”

Arrests have increased by 200% as a result of the Group increasing its capability to identify, trace and arrest suspects. Recently the Group was also able to assist with the arrest of two suspects after the manager of its Worcester branch was shot and killed in a robbery. A third suspect has been identified and arrest is imminent.

“We continue to focus on creating a safer environment for customers and staff. That is our first priority and we will go to any length to prosecute whoever is committing these crimes.”

The Group works closely with the South African Police Service (SAPS) and the National Prosecuting Authority (NPA) to effect the necessary arrests. It shares intelligence with them to ensure that bail is successfully opposed and that prosecution of criminals is successful.

In addition to tracking devices, the Group installed cameras and electronic locks on trucks which are managed from the Command Centre. Trucks can be remotely opened and closed, with alarms triggered if trucks are stationary for a certain length of time, or if unusual driving behaviour is detected. Since these devices were installed, there have been no incidents in transit on these vehicles.

It has also employed an in-house investigation team made up of experienced investigators. It has a team of Data and Crime Analysts who utilise predictive and historical analysis of all the crime data, to identify which stores or areas should be focused on. The Group has also employed an expert criminal lawyer to assist with the successful prosecution of criminals.


My Office News Ⓒ 2017 - Designed by A Collective

