Cyanre The Digital Forensic Lab has assisted many local companies after they experienced data breaches. Like true Gentlemen, we keep our relationships a secret, but we can share a number of issues that we’ve seen, what trends we’ve noticed, and how we addressed these issues.
Size doesn’t matter
Smaller SMME owners will think implementing a security strategy isn’t worth the investment. But the truth is, every company is at risk. And, when we suggest compiling a strategy, you’re most likely preparing for a phishing attack.
These sorts of attacks are not always rolled out by professional hackers, but by chancers looking to access sensitive data.
Fraudster’s tactics are evolving every day, and when those tactics work they can tap into your stored data, selling it on to the highest bidder. And because of the POPI Act you could be liable for a large fine ranging up toward R100k.
There is no such thing as useless information when it comes to online criminal activities.
It’s the mindset that, “Who’d want this information?” that’s a major problem. If you’re storing client data, such as ID numbers, you need to prepare for the worst and hope for the best.
In the right hands, your clientele could be on the wrong end of a sophisticated social engineering attack.
What can you do to prevent these incidents from happening?
What to do for protection
The best line of defence for your company is educating your staff on how to identify the hallmarks of a phishing email.
And you need to create a layered security strategy.
One of the access points into your company’s IT infrastructure is through email inboxes. Make sure to install an email perimeter, so that when a malicious email is detected it is dealt with before getting into your employee’s inbox.
By limiting access to these malicious emails, you’re helping to prevent incidents.
We’ve said this before, but the biggest gap in your IT infrastructure is your personnel.
Make sure that you implement a two-factor authentication for security systems, and that you keep access to sensitive information internally limited.
The most important aspect for you to insist on is that your employees use good and unique passwords, and change them regularly. When cybercriminals are trying to hack into a system they use a technique called ‘credential stuffing’, where old passwords are used to break into accounts.
By insisting on using new passwords, this technique can’t be utilised. And, as we’ve mentioned, hackers aren’t all programming geniuses, they are mostly chancers.
Another aspect most company machines run through are updates. Updating your machines’ software means it is better prepared for new cyber attacks. While it can be frustrating to wait for the system to update, especially when your work is deadline driven, it is key.
If you follow these steps your company shouldn’t suffer a data breach any time soon. For those who need a professional to complete a security assessment, you can always call us in for an analysis.
Feel free to contact us today.