Digital security is now one of the top concerns of businesses around the globe; however, it is of particular importance in South Africa, where breaches and cyber attacks have been on the rise. Phishing has been one of the easiest ways for cybercriminals to access important and proprietary business data, and once that data is stolen, the damage can be enough to shut a business down.
According to Accenture: “Some threat actors may consider South Africa a testing ground for malware. As cybersecurity measures are not as robust amongst private and public enterprises in South Africa as they are in other countries globally, some actors may test their tools and techniques against South African targets before deploying them against sophisticated targets.”
Companies in South Africa can be proactive in protecting themselves, their investments, and their customers.
When it comes to a phishing expedition, there are no “second chances” for employees to get things right. It’s important to communicate with and educate staff so that they know how the threat actors present themselves. Never open emails or attachments from an unknown sender or from a sender whose name is not exact. Don’t click on links in an email or on a strange website. Don’t fall prey to offers that sound too good to be true.
This may sound like a no-brainer, but people become complacent with their passwords and see changing them as a hassle. It’s a good idea to change passwords around every 3–4 months and use alpha and numeric characters.
Once a cybercriminal finds out a password, they will send bots out to test that password within a network and online. Use different passwords, especially when there are priority network levels that require higher authority. Along the same line of thought, you should limit access to sensitive information to only those who absolutely must have it and delete user access when a staffer leaves the organization.
Security and firewall software companies are constantly adding enhancements to detect the latest potential dangers. Threat actors also know that this is an area that not all organizations maintain. Your IT Department should always have the updated software to protect against any phishing or intrusion attack.
This means that your staff will be required to have a phone, email, or text code verification before they can access the information. This strategy has become one of the top ways to not only stop cybercriminals but also detect potential network attacks. Set up an automatic notification to be sent to the authorized user when more than three attempts are made to access an account or if there is an unknown device attempting access.
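The notification rule described above can be sketched as follows. This is an added example, not code from the original article: the event format, user names, and per-user device registry are constructed for illustration, and "attempts" is assumed to mean consecutive failed sign-ins.

```python
from collections import defaultdict

MAX_FAILED = 3  # the article's threshold: notify on "more than three attempts"

# Constructed sample data: per-user registry of devices already seen.
KNOWN_DEVICES = {"thandi": {"laptop-01"}, "sipho": {"phone-07"}}

# Constructed sign-in events in time order: (user, device_id, success).
SAMPLE_EVENTS = [
    ("thandi", "laptop-01", True),
    ("sipho", "phone-07", False),
    ("sipho", "phone-07", False),
    ("sipho", "phone-07", False),
    ("sipho", "phone-07", False),   # 4th consecutive failure: notify
    ("sipho", "phone-07", False),   # still failing: no duplicate notice
    ("thandi", "tablet-99", True),  # success, but from an unknown device
    ("thandi", "tablet-99", True),  # same unknown device: no duplicate
]


def find_alerts(events, known_devices, max_failed=MAX_FAILED):
    """Return (user, reason) notifications for the account owner."""
    failed = defaultdict(int)   # consecutive failures per user
    seen_unknown = set()        # (user, device) pairs already reported
    alerts = []
    for user, device, success in events:
        # Rule 1: any attempt from a device not registered to this user,
        # even a successful one (stolen credentials sign in "correctly").
        if device not in known_devices.get(user, set()):
            if (user, device) not in seen_unknown:
                seen_unknown.add((user, device))
                alerts.append((user, f"unknown device {device}"))
        # Rule 2: more than max_failed consecutive failed attempts.
        if success:
            failed[user] = 0
        else:
            failed[user] += 1
            # Fire once, when the threshold is first exceeded.
            if failed[user] == max_failed + 1:
                alerts.append((user, f"more than {max_failed} failed attempts"))
    return alerts


if __name__ == "__main__":
    for user, reason in find_alerts(SAMPLE_EVENTS, KNOWN_DEVICES):
        print(f"notify {user}: {reason}")
```

A successful sign-in from an unregistered device still produces a notice, which is the case that a failure counter alone would miss.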
Originally published at https://davinciforensics.co.za.