CYBERCRIME targeted at businesses is fuelled by email usage, social engineering and gaps in payment systems.
That’s according to Ryan Mer, Managing Director of eftsure Africa, a know your payee (KYP) platform provider, who believes that cyber security is almost always a people problem first.
“While the amount of business transactions taking place online is constantly growing and working from home is now commonplace, business controls have not kept pace with digital transformation. This has led to increasing demand for cybersecurity solutions.”
Mer offers the following tips to stay ahead of cyber scams:
- Understand the risks
The tactics used by cybercriminals are constantly evolving and include the likes of business email compromise, social engineering, malicious software, phishing, ransomware, and even recruiting insiders to help.
Most organisations also rely on manual processes, which in turn, have numerous gaps and rely heavily on human input and decision making. Researching and understanding the many ways you could be attacked is your first line of defence.
It’s also crucial to understand the risks specific to your own organisation and to identify its weak spots. This means testing your current processes and systems to identify vulnerabilities, perhaps with the help of more experienced external experts.
- Beef up your basic security
Consider restricting user access to certain systems and applications and ensure those who leave the company no longer have any access. Look at whether you can strengthen the company’s passwords — for example, by requiring them to have more characters and a combination of letters, numbers and symbols.
In addition, passwords should be changed on a regular basis and, if possible, two factor authentication should be used. Review whether there are any vulnerabilities in how your company provides remote access.
- Tighten your payments security
Once you understand the threats out there, take a hard look at your payments processes and identify potential weaknesses.
Ways to plug these could include ensuring there is clear separation of duties between staff and adding more verification steps. Promote a culture where it’s safe for staff to question any requests that don’t look right.
Also, encourage them not to rely on email and to actively verify money transfer requests and changes in supplier payment details. While checking with senior executives or verifying by phone are options, they are time consuming, inefficient and hold their own risks.
Independent third-party platforms, such as eftsure, can help manage supplier data and automate payment checking and supplier verification, saving time on manual processes and reducing human error.
- Train your staff
Since employees are usually the target of cybercrime, especially those in finance and accounts payable, equip them with the skills and tools to spot threats and respond effectively.
Introduce cyber safety awareness programs, workshops and simulations that teach staff how to recognise spam and phishing messages and make them aware of the wide variety of threats out there. Also instruct them on how to identify and report suspicious online activity.
- Make cyber security part of your dna
Constantly reminding staff at all levels about the risks of cybercrime will, over time, help build a strong security-conscious culture for your entire business. Ensure the right tone is set from the top down and that management sets a good example.
And remember this is just the start. Constantly review this threat and keep getting better at fighting it because, as the statics and headlines keep confirming, cybercriminals just keep getting better at what they do. – GeekWire.co.za