The mass cyber attacks of the past week are a sober reminder of how vulnerable we are to determined hackers who seek to benefit financially from compromising our personal details.
Last Friday, ransomware cyber attacks infected over 200 000 computers in more than 150 countries, most notably shutting down hospitals all over England. The hackers demanded $300 in BitCoin to release the data they had blocked.
These attacks were followed by calls for businesses and organisations to safeguard their systems, but little has been said of how ordinary people have been affected or what measures they can take to protect their personal information being compromised.
The South African Banking Risk Information Centre estimates that the country loses R2.2 billion to internet fraud and phishing attacks annually – that’s about R5.5 million a day.
According to the Norton Cybersecurity Insights Report, over 8.8 million South Africans were the target of online or cyber crime last year.
Celeste Buitendag, the cyber underwriter at SHA Specialist Underwriters, a wholly owned subsidiary of Santam, says there is a misconception that cyber criminals target only big organisations where there is the potential to extort millions of rands.
“A freelancer who works off his or her laptop in a café is as much at risk of having data seized in a ransomware attack as a large corporate organisation.
“Ransomware is indiscriminate as long as there is vulnerability in your computer, such as an update that has not been installed,” Buitendag says.
“In fact, the ‘one-man-shop’ is probably more likely to pay the ransom, because it is less likely to have backed up its data as regularly as a larger company with a full-time IT staff complement. This makes them an attractive target, and also explains why the average ransom amount has increased from around $350 to over $1 000 (according to the latest report from Symantec).”
Buitendag says you should do the following to protect yourself or your business against cyber attacks:
• Back up your data daily;
• Keep your computer’s operating system up to date;
• Keep three copies of data, two locally on an external storage device and one at a different location;
• Make sure your anti-virus software is up to date;
• Don’t open suspicious emails or attachments; and
• Block unnecessary ports.
Pieter Erasmus, an IT security strategist, says you must be proactive in mitigating against cyber attacks. “The biggest problem is ignorance, and these are the individuals who are most vulnerable. They can be tricked into disclosing passwords and other valuable information without realising it,” he says.
TOP THREE ONLINE SCAMS
The Centre for Cyber Security at the University of Johannesburg has the following advice on how you can avoid falling victim to the top three cyber scams identified by Hippo.co.za:
Scam 1. Advance-fee fraud, which includes online classified scams, online shopping scams and dating scams. Criminals swindle you out of your money using sophisticated social engineering techniques, getting you to pay before you receive the goods, which aren’t delivered.
• Avoid free shipping offers, and pay only after inspecting the goods; and
• Ensure the website you has secure online payment facility, and do not pay using a money order or transfer.
Scam 2. The use of fake and fraudulent material to coerce you to part with your money. This type of scam takes advantage of people’s emotions. For instance, a fake account closure prompts people to divulge their account information. Criminals may also claim that you won a prize or have inherited a lot of money, to acquire your personal information.
• Do not respond to random emails claiming that you have won a prize or inherited money;
• Keep your identity document safe; travel with certified copies; and
• Ensure your passwords are secure – use a combination of lower- and upper-case letters, numbers and symbols.
Scam 3. Banking related fraud, which includes phishing schemes, copycat sites and false SMS notifications, which result in consumers divulging confidential information.
• Do not use SMSes as the only way to confirm a transaction;
• Check your bank statements for suspicious transactions; and
• Do not use public-access computers to perform financial transactions.