How to protect your business from cyber attacks
W Ezinhle@ times. co. sz
h a v e h a d a r u d e a wa k e n i n g t h a t c y - ber- attacks are real as F NB c u s t o mers were r e c e n t l y defrauded. And i n South Africa the hot potato is the cyber- attack on Transnet.
I t seems t he hackers are adamant on making this a new trend, which means no business is safe online - unless of course, they play by the rules of online security.
Change usernames and passwords frequently
“One of the thumbs up rule for c yber s ecurit y i s t o make s ure you change default usernames and passwords on your network as quickly as possible,” said I T Specialist Blessing. Cyber security team explained that these are often known to cyber criminals and make your business extremely vulnerable to cyber attack if they remain unchanged.
Be sure to change your usernames a nd passwords a t l e a s t ever y 90 days. Changing t hem even more often i s never a bad idea.
CYBER CRIMINALS
The longer a password remains the same, the more chance it has of being hacked by cyber criminals. Most network providers have a how- to guide included with their network package t hat explains how t o c hange usernames and passwords.
UPDATE SYSTEMS
“One of the things that let down security is using out- dated apps,” said I T Specialist Blessing. He added that using up- to- date apps and software is a good start for c ompanies t o e ns ure t hei r c yber- security.
“Every new app can open t he door to a cyber attack if you don’t re gularly patch and update al l s of t ware on every device used by your employees,” wrote Traci
Spencer on Industry Week.
Always check for updates when p u r c h a s i n g a n e w c o mpute r o r installing a new software system. Be aware t hat s of t ware vendors are not required to provide security updates for unsupported products. Hence, don’t delay downloading operating system updates. These updates often include new or enhanced security features.
“IT is very important to keep all systems and software updated and having the latest patch installation to reduce vulnerabilities,” said Gugu Nkambule from Ministry of ICT
PROPER FIREWALLS
Nkambule said, “Having a irewall in place is a basic requirement and recommended as best practice in network traf ic management.” They explained that a irewall helps protect an organisation’s data, system a n d i n f r a s t r u c t u r e by b l o c k i n g unwanted and unsolicited network incoming traf ic.
“For example, irewalls can detect when large amounts of data are being implanted on or extracted from your network,” said IT Specialist.
He emphasized that if the activity h a s not b e e n a u t h o r i z e d by t h e appropriate personal, the irewall will automatically shut down the process.
Use a security software that tests for vulnerabilities:
There are various software options that test your network and payment terminals for breach vulnerability. The irst thing you need to do, is to check with your payment processor.
Some offer free irewall and security testing as part of their package.
Cyber Security Internal audit - a must for companies:
One of the ways to stay ahead of c yber c r i minals i s t o c onduct I T internal audit. The Ministry of ICT states “IT Internal Audit has a critical role in helping organisations manage cyber threats and thereby safeguard the critical information and Infrastructures including that of customers.”
Nkambule elaborated, “It is therefore recommended t hat each organisation must conduct periodic s ecurit y audits and penetration testing to i dentify cyber security risks and vulnerabilities as stated in the National Cyber security Strategy for Eswatini.” Furthermore, she said, it is requisitely important for an organisation to have i n place a Cyber security contingency plan to ensure business continuity when an attack has been suffered. Secure wireless access points: For secure wireless networking, use these router best practices: Change the administrative password on new devices
Set the wireless access point so that it does not broadcast its service set identi ier ( SSID) Set your router to use WiFi Protected Access 2 ( WPA‐ 2), with the Advanced Encryption Standard ( AES) for encryption Avoid using WEP ( Wired‐ Equivalent Privacy).
If you provide wireless internet a c c e s s t o y o u r c u s t o m e r s o r visitors, make sure it is separated from your business network.
wwwWEB AND EMAIL FILTERS
B u s i n e s s Te c h a dv i s e d , “Us e email and web browser ilters to detect hackers and prevent spam from clogging employee inboxes. It is also recommended that you download ‘ blacklist’ services to block users from browsing risky websites that pose malware risks.
Caution your employees against visiting sites that are frequently associated with cyber- security t hre a t s , s uc h a s pornographic websites or social media.
“This may seem like a no- brainer; but it only takes one employee to visit the wrong website to inadvertently download malware onto your company systems,” i t was stressed.
ENCRYPTION
Tracey said, “Use f ull- disk encryption to protect all your computers, tablets, and smartphones. Save a copy of your encryption password or key i n a secure l ocation separate from your stored backups.”
S h e ex p l a i n e d t h a t e mai l r e - cipients typically need the same encryption capability in order to decrypt. Never send the password or key in the same email as the encrypted document. Give it to them via phone or some other method.