As if a global pandemic hasn’t been enough, it appears that cybercrime is on the rise in South Africa as criminals take advantage of corporate weaknesses during the COVID-19 crisis. From increased phishing scams to attacks on networks, companies seem to be aware that they need to do something but few are taking an action.
A 2020 FTI Consultant Barometer survey of 2,000 across the board G20 countries resulted in specific reports about South African companies that is rather chilling. 36% of the South African company respondents stated that they have had some form of cyberattack that resulted in revenue loss, with 27% stating a loss in reputation, stock value and employees. The astounding part is that with all of this chaos, less than half of those surveyed saying that they have taken any kind of cybersecurity action in the last 12 months.
The pandemic has created a condition that has required many IT departments to refocus their efforts to enable remote employees while maintaining steady business operations. Even as employees are accessing the network from home, network security has taken a lower priority, making networks more vulnerable.
Areas of specific concern for cyber attacks in South Africa include:
- Home Wi-Fi Networks that are Unsecured: Many employees are forced to work with unsecured Wi-Fi networks in their home or even resort to going to public Wi-Fi networks that are completely unsecured. These staffers become targets for cybercriminals to spy and steal their data.
- Unsecured Personal Devices: Not all companies have supplied employees with laptops that have the latest security protocols. The employees are then left to use their personal devices such as tablets, phones, and their own laptops to accomplish the work required. The risks increase exponentially as they may not even have their own anti-malware software. When cybercriminals deploy malware on these devices, they can access both work and personal information.
- Remote Workers Falling for Scams: Very few companies educate remote employees on the methods used by cybercriminals for malicious scams. This can result in staffers being a target for access to both work and personal information, including their ability to gain entrance to the company network.
What to Do:
It is apparent that it will take quite some time for the world to return to any kind of condition for normal working conditions. Companies are being stretched to the limit with reduced budgets, and yet to protect their assets they need to take specific actions.
In addition to allocating sufficient resources to improve cybersecurity resilience and implementing cyber best practices, companies and their employees can proactively mitigate risks through specific steps, including:
- Establish a team that identifies those employees working remotely that will be the most likely attack victims and take action to protect the devices and environment for personal and business-critical information.
- Educate employees on IT security, establish policies for remote workers, and give guidance on the ways employees can work securely from their homes.
- Create a clear communication path for employees to report any suspicious activities.
- Ensure that all corporate IT assets as well as remote devices are not only given security tools but receive regular updates.
- Require good password practices through the use of passwords that are complex and that change frequently. Use multi-factor authentication for access to the company network.
- Have the team check and ensure that remote employees have secure home Wi-Fi networks and change the default settings and password for the routers.
“DaVinci Forensics has been focusing on helping businesses deal with potential cybercrime to reduce vulnerability. We know that the damage of a cyberattack or break can have far damaging consequences. We work with our clients during the pandemic time to help to organize IT team priorities and educate staff for best practices.”
– Sharon Knowles, CEO DaVinci Forensics