It is predicted that there will be 7,5 billion Internet users by 2030 and that more than 111 billion lines of new software code is produced each year. While the growth is exciting, these statistics also outline the number of vulnerabilities open to exploitation. Together with an estimated 96 zettabytes of digital content currently produced, this sheer volume will lead to increased cyber-attacks and security events, all of which will be virtually impossible for humans to contain.
Ryan Mer, Managing Director, eftsure Africa, a Know Your Payee (KYP) platform provider, said that cybersecurity is almost always a people problem first: “While the amount of business transactions taking place online is constantly growing and working from home is now commonplace, business controls have not kept pace with Digital Transformation. This has led to increasing demand for cybersecurity solutions.”
Mer said that this is where the eftsure SaaS platform is making a big difference in businesses of all sizes. The FinTech company provides verification of payee and payment data software to businesses to protect against payment fraud in the B2B sector: “We provide a platform to digitise and automate the verification of payees and eft payment data, on a continuous basis through our KYP technology. eftsure protects companies against fraud and error made through incorrect, fraudulently changed or maliciously altered payee information.”
Cybercrime targeted at businesses is fuelled by email usage, social engineering and gaps in payment systems. Mer offered the following tips to stay ahead of cyber scams:
1. Understand the risks
The tactics used by cybercriminals are constantly evolving and include the likes of business email compromise, social engineering, malicious software, phishing, ransomware and even recruiting insiders to help. Most organisations also rely on manual processes, which in turn, have numerous gaps and rely heavily on human input and decision making. Researching and understanding the many ways you could be attacked is your first line of defence. It’s also crucial to understand the risks specific to your own organisation and to identify its weak spots. This means testing your current processes and systems to identify vulnerabilities, perhaps with the help of more experienced external experts.
2. Beef up your basic security
Consider restricting user access to certain systems and applications and ensure those who leave the company no longer have any access. Look at whether you can strengthen the company’s passwords — for example, by requiring them to have more characters and a combination of letters, numbers and symbols. In addition, passwords should be changed on a regular basis and if possible, two factor authentication should be used. Review whether there are any vulnerabilities in how your company provides remote access.
3. Tighten your payments security
Once you understand the threats out there, take a hard look at your payments processes and identify potential weaknesses. Ways to plug these could include ensuring there is clear separation of duties between staff and adding more verification steps. Promote a culture where it’s safe for staff to question any requests that don’t look right. Also, encourage them not to rely on email and to actively verify money transfer requests and changes in supplier payment details. While checking with senior executives or verifying by phone are options, they are time consuming, inefficient and hold their own risks. Independent third-party platforms, such as eftsure, can help manage supplier data and automate payment checking and supplier verification, saving time on manual processes and reducing human error.
4. Train your staff
Since employees are usually the target of cybercrime, especially those in finance and accounts payable, equip them with the skills and tools to spot threats and respond effectively. Introduce cyber safety awareness programs, workshops and simulations that teach staff how to recognise spam and phishing messages and make them aware of the wide variety of threats out there. Also instruct them on how to identify and report suspicious online activity.
5. Make cybersecurity part of your DNA
Constantly reminding staff at all levels about the risks of cybercrime will, over time, help build a strong security-conscious culture for your entire business. Ensure the right tone is set from the top down and that management sets a good example. And remember this is just the start! Constantly review this threat and keep getting better at fighting it because, as the statics and headlines keep confirming, cybercriminals just keep getting better at what they do.