Security Updates

Security Insights Protect your company from Business Email Compromise attacks Business email compromise (BEC) has emerged as a significant threat to organisations worldwide, including South Africa. BEC is an email-based social engineering attack that seeks to defraud its victims by tricking them into revealing sensitive information, making unauthorised payments or disclosing confidential data. These attacks often bypass traditional email filters, making them especially insidious and dangerous for businesses of all sizes. Understanding the threat Business email compromise is a growing problem because it is relatively easy for attackers to carry out and can be extremely profitable. Attackers need only to find one vulnerable individual within an organisation – someone who can be manipulated to click on a malicious link or attachment – to gain access to the company’s network. Once inside, they can wreak havoc, stealing funds, data and intellectual property. Common tactics used in BEC attacks Impersonation of company executives: Attackers often pose as high-ranking executives to request wire transfers or sensitive information. This tactic leverages the trust and urgency associated with senior staff communications. Falsifying invoice payment details: Cybercriminals may intercept legitimate vendor emails and alter the payment details, thus redirecting funds to their own accounts. Phishing for sensitive information: Employees might be tricked into revealing login credentials, financial information or other confidential data through cleverly crafted phishing emails. These scams can result in significant financial losses, damage to reputation and legal repercussions for businesses. Preventative measures to combat BEC Given the severe implications of BEC attacks, it is crucial for business owners and senior staff to implement robust security measures. Here are some key controls to prevent business email compromise: Use a secure email solution: Invest in a secure email platform that includes advanced threat protection features. These solutions can help detect and block malicious emails before they reach your inbox. Set up multifactor authentication (MFA): Implement MFA for all email accounts. This adds an extra layer of security by requiring a second form of verification in addition to a password, making it more difficult for attackers to gain unauthorised access. Teach employees to spot warning signs: Conduct regular training sessions to educate employees about the common tactics used in BEC attacks and how to recognise suspicious emails. Awareness is a critical line of defence. Set security defaults: Enforce strong security policies and defaults, such as requiring complex passwords and regular password changes. Ensure that all software is up-to-date with the latest security patches. Use email authentication tools: Implement email authentication protocols like SPF, DKIM, and DMARC. These tools help verify the legitimacy of incoming emails and prevent spoofing. Adopt a secure payment platform: Use secure and verified payment platforms for all financial transactions. Establish clear procedures for verifying payment requests, especially those involving changes to payment details or large sums of money. Conclusion Business email compromise poses a significant threat to organisations, but with the right preventative measures, you can protect your business from these sophisticated attacks. Business owners and senior staff must prioritise cybersecurity and foster a culture of vigilance and education within their organisations. By implementing secure email solutions, multifactor authentication, regular trainings and stringent security policies, you can significantly reduce the risk of falling victim to a BEC attack. Remember, the cost of prevention is always lower than the cost of recovering from a cyber attack. Stay informed, stay secure, and keep your business safe from the ever-evolving threats of the digital world. Action Plan If this article has raised a red flag regarding your own company’s BEC exposure, take action straight away! Engage with an external cyber security specialist, such as fynnCOMM, to perform a complimentary cyber security threat analysis which will serve as a first step in preparing and implementing your cyber security strategy. Complimentary Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo. Security Insights Public Wi-Fi – A Convenience with Hidden Dangers for Businesses Public Wi-Fi hotspots are everywhere: cafes, airports, hotels – they offer a tempting solution for staying connected while on the go. But for businesses, the convenience of free Wi-Fi comes with hidden security risks that can have serious consequences. While public Wi-Fi offers undeniable advantages in terms of accessibility and affordability, it’s a breeding ground for cyber criminals looking to exploit unsecured connections. Once a device connects to a public network, hackers have a potential window into everything you do online. This can include stealing passwords, credit card information or even hijacking your entire identity. Public Wi-Fi providers themselves may not be malicious, but their security measures can be lax. This means your browsing activity and data transmissions are potentially visible and there’s a chance this data could be collected and sold to third parties. Main Threats Here’s a breakdown of the main threats lurking on public Wi-Fi: Man-in-the-Middle Attacks: Hackers can position themselves between your device and the network, essentially eavesdropping on your online activity. This allows them to steal login credentials, banking information, or any data you transmit. Malware Injection: Hackers can inject malicious software onto unsecured networks. When you visit a seemingly legitimate website, the malware can be downloaded onto your device without your knowledge. This malware can then steal your data, track your activity, or even take control of your device. Fake Hotspots: Cybercriminals can create fake Wi-Fi hotspots with names that mimic legitimate businesses. Once you connect to such a network, your data becomes readily accessible to the hacker. The impact of these attacks can be devastating for businesses. Stolen employee or customer data can lead to financial losses, reputational damage, and even legal repercussions. To minimise the risks associated with public Wi-Fi, it’s crucial to educate your staff and implement clear security guidelines. Here are some essential dos and don’ts: Don’t: Access sensitive information like bank accounts, personal data, or internal company documents on unsecured public networks. Leave laptops, tablets, or smartphones unattended in public places. A lost or stolen device connected to public Wi-Fi is a major security risk. Engage in online shopping or financial transactions using public Wi-Fi. Do: Turn off automatic Wi-Fi connectivity on company devices. This prevents them from automatically connecting to unknown or untrusted networks. Monitor Bluetooth connectivity. Keep Bluetooth disabled unless actively in use, as it can be another vulnerability for hackers. Consider a Virtual Private Network (VPN) solution. A VPN encrypts your internet traffic, creating a secure tunnel between your device and the internet, effectively rendering public Wi-Fi connections invisible to hackers. By following these guidelines and fostering a culture of cybersecurity awareness among your staff, you can significantly reduce the risks associated with public Wi-Fi. Remember, a few simple precautions can save your business from a major security headache. Action Plan If this article has raised a red flag regarding your own company’s use of public Wi-Fi, take action straight away! Engage with an external cyber security specialist, such as fynnCOMM, to perform a complimentary cyber security threat analysis which will serve as a first step in preparing and implementing your cyber security strategy. Complimentary Analysis

Security Insights Essential POPIA Security Practices The Protection of Personal Information Act (POPIA) came into effect in South Africa in 2020, fundamentally changing the way businesses handle personal information. POPIA holds companies accountable for protecting customer data, from names and addresses to financial details and online activities. This legislation emphasises data security with hefty fines for companies that fail to comply. But beyond mere legal obligations, robust data security practices build trust with customers and protect your business from costly breaches. So, how can you ensure your company network is secure and compliant with POPIA? Building a POPIA Fortress Your First Line of Defence POPIA requires “appropriate security safeguards” to protect data. This starts with strong, unique passwords for every user account on your network. Enforce password complexity rules across your organisation to consist of a minimum number of characters made up of a mix of uppercase and lowercase letters, numbers and symbols. A password manager could go a long way in generating and storing these complex passwords securely. Multi-Factor Authentication POPIA emphasises the need for “preventing unauthorised access.” Multi-factor authentication (MFA) goes beyond passwords by introducing a second verification step, like a code sent to your phone, to access accounts. This adds a significant barrier for hackers, even if they crack a user’s password. Back It Up POPIA mandates “safeguarding against loss or damage.” Regular data backups are therefore essential. These backups should be stored on a secure, separate system, like an encrypted cloud storage solution. This ensures data recovery in case of technical failures, ransomware attacks or even accidental deletion. Beware the Phishing Hook POPIA emphasises “taking reasonable steps to secure the integrity of the information.” Phishing emails are a common tactic to steal login credentials, so train employees to identify suspicious emails by looking for generic greetings, misspelled words and irrelevant attachments. Never click on links or open attachments from unknown senders. Privacy Settings POPIA requires “determining the purpose for which personal information is collected.” Review your social media and cloud service privacy settings. Restrict access to personal information only to those who need it for their role. Secure Connections POPIA emphasises “taking steps to ensure that personal information is not accessed or acquired by unauthorised persons.” Public Wi-Fi networks are notoriously insecure, so avoid accessing company accounts or transferring sensitive data on public Wi-Fi. Use a secure Virtual Private Network (VPN) to encrypt your connection on untrusted networks. Firewalls POPIA requires “implementing technical and organisational measures” to secure data. Firewalls act as the gatekeeper of your network by filtering incoming and outgoing traffic. A robust firewall can block unauthorised access attempts and malware infiltration. Disposing of Old Equipment POPIA requires “the destruction or de-identification of personal information that is no longer needed.” When disposing of old computers, hard drives, or mobile devices, ensure all data is securely wiped or physically destroyed. Data lingering on old equipment can be a very real security risk. Building Trust through Data Security POPIA compliance goes beyond just checking boxes. It’s about building a culture of data security in your company. Implementing these practices not only ensures legal compliance but also protects customer trust and safeguards your business from costly breaches. Remember, data security is an ongoing process, so regularly review and update your security measures as technology evolves and new threats emerge. By prioritising data security, you can build trust with your customers and ensure a strong foundation for your business in the digital age. Action Plan If this article has raised a red flag regarding your own company’s POPIA compliance, take action straight away! Engage with an external cyber security specialist, such as fynnCOMM, to perform a complimentary cyber security threat analysis which will serve as a first step in preparing and implementing your POPIA and cyber security strategy. Complimentary Analysis

Protecting against ransomware requires a multi-layered approach that encompasses both technical solutions and user education. At FynnComm, we prioritize proactive measures to safeguard your digital infrastructure. Our team implements robust endpoint security solutions, intrusion detection systems, and regular data backups to mitigate the risk of ransomware attacks.