An important shift has occurred in the cyber security landscape of late. To keep pace in an ever more competitive world, businesses are adopting new ways of doing business, making them more dependent than ever on connected services like web-based and mobile platforms and exposing them to new security challenges. In addition, the explosion in data leaves organizations vulnerable to attack, while the lack of properly trained staff leaves them short-handed. Finally, a patchwork security system and poor visibility across tools and processes provide ample opportunity for cyber criminals to exploit vulnerabilities and security holes.
While some criminals focus on very large companies, others select companies that lack the levels of security found in larger enterprises. In fact, smaller companies are more exposed than ever: 30 percent of phishing attacks now affect organizations with fewer than 250 employees.
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
Apart from the obvious implications for smaller companies with respect to compromised data, there are legal implications. Your responsibility to protect your customers’ information has been legislated under the Protection of Personal Information Bill, and overlooking it could mean reputational damage, millions in fines and even jail time. Put bluntly, if your organisation processes personal information, then complying with POPI is your problem.
So, where do we start? With the online world becoming increasingly complex, cyber criminals waiting in the code, and POPI driving accountability, how do we begin to familiarise ourselves with cyber security good practice? Well, we’re going to try to assist you there. Our intention is to start a conversation that serves to educate rather than to complicate. We know cyber security is foreign to most, especially in the SMME arena, so we’re going to keep it simple and feel our way step by step. This month, we’ll start with you, the individual, and your daily habits.
- Never give out your passwords and PINs or share them with anyone. Do not store that information on your computer. It is often convenient to let your computer remember your passwords, but you never know who can get hold of that stored information. You need to regularly change your passwords and always use a different password for each of your accounts. Use numbers, letters, and symbols when choosing a password. Common passwords that you should avoid using include: password, your name, family members’ names, your date of birth, 1234 or qwerty.
- Continuously maintain the security of your personal computer. Be sure that you have a current and active virus scanner and an active firewall to protect your information. Check for any software updates or security patches and be sure to update your computer often.
- Be sure to “log out” when you are leaving a website. Logging out will clear the site of your information. If you simply close the browser, your information may remain on the site and would therefore be accessible by others. Try to use your personal computer rather than public computers when accessing confidential data, like your bank accounts.
- Be careful when using a wireless network. Be sure it is a secure network before entering any of your passwords or personal information. Information is easily accessed when you transmit it over an unsecured wireless network.
- Know where and what you are downloading. Before you download anything online, be sure you know the source of the data and that it is trustworthy. You don’t want to download a virus or spyware by downloading from an untrustworthy website. Beware of sites informing you that your system is infected. This is a scam whereby, if you click on the “warning”, you can provide permission for the virus software to be installed on your system.
- Double check that the websites you are visiting are secure. Before entering any of your information, be sure that the URL says “https” and not just “http.” The extra “s” on the end means that the website is secure for transmitting information. Also, make sure you see the lock icon in the address bar to ensure the site is encrypted.
- Never click on a link in an email and then enter your password or username. If you get an email from a business that you work with, do not click through the email. Instead, open a new browser window, go directly to their website and enter your information there. This will keep you from falling prey to phishing scams trying to get your usernames and passwords. Rule of thumb: never click on links where you don’t trust the sender.
If we want to see our organisation’s cyber security improve, then we need to start with our personal habits and work our way from there. Our hope is that there was a point or two that made you reconsider your own habits. If you’re already aware of these areas of vulnerability, then you’re on your way to a more secure online experience. Next month, we’ll consider your employees’ habits, probably the most overlooked and vulnerable area of them all.