Defending your Digital Frontier: Cybersecurity Risk Management Strategies
Last year, South Africa was ranked 5th on security company Surfshark’s global cybercrime density list. Only the UK, US, Canada and Australia experienced higher numbers of successful cyberattacks.
For property professionals handling large amounts of sensitive information – an attractive target for attackers – this is a concerning statistic. Is your organisation properly prepared to defend its digital frontier?
In this whitepaper, we’ll explore where the greatest cybersecurity risks lie, what you can do to shore up your defences, and why your risk management strategy needs to involve far more than just technology.
What is cybercrime?
Cybercrime is criminal activity that uses and/or targets computers, computer networks, and/or networked devices to steal information or cause damage, either for profit or for personal or political gain.
Cybercrime may be carried out by criminal organisations or individuals. Attacks range from rudimentary to ultra-sophisticated, affecting everyone from private individuals to multi-national enterprises.
The top 5 global cyber risks
- Phishing
- Online Payment Fraud
- Malware and Ransomware
- Spoofing
- Hacking
Did you know? 78% of South African organisations were hit with a ransomware attack in 2022/3, up 27% from the previous year. (Source: Sophos’ The State of Ransomware in South Africa 2023 report.)
Cybercrime Glossary
Hacking: Hacking is the act of identifying and exploiting vulnerabilities to gain unauthorised access to a computer system. Hackers may use a variety of cybercrime techniques to gain access, with compromised passwords being one of the most common.
Malware: Malware is malicious software designed to damage, disrupt, or provide unauthorised access to a computer system. Viruses, Trojan horses, ransomware, and spyware are all examples of malware.
Phishing: Phishing is the practice of sending emails (or other messages) disguised to look like they are from a reputable company in order to trick individuals into revealing login details, credit card numbers or other personal information.
Ransomware: Ransomware is a type of malware (malicious software) that blocks access to a computer system until a sum of money has been paid.
Spamming: Spamming is when messaging systems are used to send large quantities of unsolicited messages. This is a common way to mass-distribute phishing emails, but is also used as a questionable marketing tactic and for proselytising.
Spoofing: Spoofing is when a person or program tricks security systems into believing they are something/someone else, circumventing authentication measures designed to prevent unauthorised and/or undesirable access and activities.
Spyware: Spyware is malware (malicious software) secretly installed on a victim’s computer that gathers information about the victim that the attacker can use for illicit purposes, e.g. gaining unauthorised access to sensitive information.
Trojans: Trojans are malware (malicious software) disguised as legitimate software. They are typically downloaded and installed by the unsuspecting victim, releasing the malicious code hidden inside.
Viruses: Computer viruses are a type of malware (malicious software) that spread by inserting their own code into as many applications and computer programs as possible. Viruses can cause widespread disruption, operational issues, data loss and/or data leakage.
The most common cybercrime vulnerabilities
Cybercrime vulnerabilities are flaws or security gaps that cybercriminals can exploit to their advantage. Most vulnerabilities fall into the following three categories.
People
According to IBM, 95% of cybersecurity breaches are a result of human error, making employees one of organisations’ greatest security vulnerabilities.
With proper training supported by a strong security culture, however, employees can be transformed from a vulnerability into an effective additional line of defence.
Processes
In order to act as an effective defence, people need to know exactly what their duties and responsibilities entail. Without established processes that clearly define the activities, roles and documentation your risk management strategy requires, it’s all too easy for gaps and vulnerabilities to creep in.
Technology
The right technology can be an invaluable cybersecurity asset, providing a high level of automated defence against known and unknown cyberthreats. However, even the best technology must be kept up-to-date at all times to remain effective. Any delay in releasing or installing updates or patches could introduce serious – and invisible – security vulnerabilities. As such, it’s always best to work with a trusted technology partner with an established security track record.
It’s also important to remember that technology cannot overcome any shortfalls in your people and processes. It’s only by combining all three that you can reliably address the majority of cybercrime vulnerabilities.
Cybersecurity Checklist
Working in a digital world has many benefits, but it also carries significant risk. Loadshedding and hybrid/work-from-home business models have made addressing those risks more complicated – but there is still plenty that you, as a property practitioner, can do to protect yourself, your clients and your business from becoming a cybercrime statistic.
Educate and empower your team
Educate your staff on common cyberattack vectors, and train them to recognise suspicious activity and respond with appropriate caution.
Keep your software and systems up to date
Always use trusted technology from reputable solution providers, and enable automatic updates to stay on top of the latest security patches and protections.
Use endpoint protection
Unprotected mobile devices like laptops, tablets and smartphones can act as pathways for cybercriminals into your corporate network. Use endpoint protection software to secure these devices against unauthorised access.
Install a firewall
Install a firewall to protect your network against brute force cyberattacks before they penetrate your systems and cause any damage.
Back up your data
The best cure is prevention, but if you do fall victim to a cyberattack, it’s vital that you have your data backed up effectively to enable you to recover your systems without serious downtime, data losses or financial damage.
Control system access
Make sure you have a security perimeter that protects both your digital and physical environments. In the same way that you don’t want any Tom, Dick or Harry to be able to log on to your network, you also don’t want attackers to be able to physically access your office (or home) computers and infect them with malware.
Secure your WiFi network
Secure and hide your WiFi network to prevent cybercriminals gaining access and turning it into ground zero for your next malware epidemic.
Give every employee their own logins
Shared access credentials can put your organisation at greater risk of breach. Ensure every user has their own login details for every platform and app in use.
Control user access
Restricting user access to only the tools and functions they actually need is a great way to limit the amount of damage that can be done if their credentials are compromised. It’s also smart to restrict their ability to download or install unauthorised apps to avoid malware such as Trojans sneaking inside your security perimeter.
Use strong passwords and multifactor authentication
Weak passwords are still extraordinarily common and a frequent gateway for cybercriminals. It’s important to enforce the use of strong passwords – preferably randomly generated using a reputable password manager.
You can double or even triple the protection that passwords offer by enabling multifactor authentication where possible. This uses two or more forms of verification – normally a password (something you know), an OTP or authenticator app (something you have), and/or a fingerprint or faceID (something you are) – before granting access to your environment.
WeconnectU and Cybersecurity
At WeconnectU, we take security seriously, investing significant time and resources into staying on top of digital threats. Our software solutions all comply with cybersecurity best practices, and our AWS-hosted cloud servers benefit from Amazon’s state-of-the-art security and access control.
One thing we cannot control, however, is your own approach to cybersecurity.
The fact is, effectively fighting back against cybercrime requires dedication from all sides. That includes ensuring every user with access to your environment is cyber-wise, and understands and follows your security best practices.
Why do we care? Because we’re not just software suppliers, we’re software partners. We care about helping our clients build successful and sustainable businesses. That doesn’t just mean supporting you with industry-leading end-to-end solutions. It means helping in any way we can to mitigate the risks that come with running a modern business.