Cybercriminals are becoming more sophisticated in the methods they deploy to extract data and sensitive information from us. Presenting via Zoom webinar, Werner Lunow, IT Security manager at Allan Gray, and Anna Collard, cybersecurity expert and KnowBe4 managing director, unpacked some of the current trends, red flags to watch out for, and tips to safeguard your clients and advice practice from cybercriminals.
As we adjust to the realities of working from home, cybercriminals are stepping up their game to engineer new ways of gaining access to data, with the end goal of stealing money from you and your clients. They seem to be taking advantage of this period of “business unusual” and the preoccupied state we find ourselves in trying to juggle children, homeschooling and work obligations simultaneously.
According to Collard, when we are more stressed or distracted, it makes it easier for criminals to hook us and trick us into not using our critical thinking.
Mitigating the risks
Every business, to an extent, faces external and internal risks that leave it vulnerable to cyber attacks. Whether yours is a small or bigger practice, it is important to conduct a risk assessment to understand where your vulnerabilities lie. For many advice practices, third-party transactions pose the biggest external risk. Over the years, we’ve witnessed a number of global data breaches that have occurred as a result of compromised third parties, and the lesson to draw from them is the importance of knowing where your data is going.
Your employees, wittingly or unwittingly, also pose a risk, so it’s vital to keep your staff members educated on the potential risks out there, have an information security policy in place and conduct annual criminal and credit checks, as ways of limiting your business’s exposure to risk.
Red flags to be aware of
Phishing remains the most common way cybercriminals are preying on people and the best way to protect yourself against it remains not clicking on a link in an email before verifying the authenticity of the link. To determine the authenticity of a link, hover over it and review the URL. Phishing emails will divert you to an unrelated website.
These days, cybercriminals have added voice phishing (vishing) scams to their repertoire and make use of deepfake technology to create manipulated videos that appear to be from high-profile individuals and are intended to dupe unsuspecting victims.
Look out for communications that contain requests to act quickly, or those that rely on a degree of fearmongering. A simple way to defend against being taken for a ride is to apply common sense and interrogate communications you receive. If you haven’t entered a competition or applied to receive COVID-related funding relief, ask yourself: why am I getting this correspondence? Take the time to stop, think and verify before you respond.
Tips for protecting yourself and your clients
- Use a password manager. It will help you store, generate and manage your passwords and login details for apps and websites. If you don’t feel comfortable using a password manager on your top risk accounts, make sure you set a strong and unique password.
- Don’t reuse passwords across different platforms or save them on browsers.
- Make use of multi-factor authentication, like one-time pins (OTP), to add an extra layer of security.
- Get verbal confirmation from clients when money changes hands.
- Back up data regularly and keep anti-virus software up to date.
- Make sure you use strong passwords – a good idea is to avoid using an English word. It will make it harder for cybercriminals to access your data.
For more cybercrime insights, review the webinar recording below.