The Internet has transformed our lives in many good ways. Unfortunately, this vast network and its associated technologies have also brought with them a growing number of security threats.
Computer security is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system.
Security of your online systems is important, particularly your financial systems. In this article we offer three (3) key computer security measures you should seriously consider.
1. Password Management
We recommend the following best practices for password management:
- Change your password at least once every 90 days
- Keep your username and password confidential. Memorise your password and do not write it down or reveal it to anyone
- Do not disclose your password to anyone claiming to act on behalf of a company. Remember that no one should ever ask you for your password
If you’re using digital banking or investment services, or anything else that relates to your finances, please be aware of the following:
- Do not leave your mobile devices unattended after logging on to a financial institution. Always log off properly when you have finished.
- Do not install applications on your mobile devices unless you trust the source. Understand the permissions of mobile applications before you install them.
- Do not use untrusted custom virtual keyboards.
- Set up auto-lock and passcode lock to prevent unauthorized access to your mobile devices.
- Download and install applications on your mobile devices from trusted app stores, for example, App Store® and Google Play™.
- Only store your own fingerprint/Face ID on your device before you enable Touch ID/Fingerprint ID/Face ID for any financial system.
- Disable Touch ID/Fingerprint ID/Face ID if your device is to be sent for servicing.
2. Business Email Compromise (BEC)
Fraudsters may impersonate your contractors and suppliers by sending e-mails requesting changes to your payment bank accounts. They may also impersonate senior management of your bank, or if you work for a larger organisation, senior management of your company. The goal is to bypass normal procedures to make urgent fraudulent payments.
Since the sender’s email address closely matches a known address, this type of fraud often goes unnoticed until it’s too late. Cybercriminals may even hack into a real email account – from which fraudulent communications are hard to identify. As per the US–FinCEN report of Jul 19, the total value of attempted BEC climbed from USD 110m per month in 2016 to an average of USD 301m per month in 2018. Use of fraudulent vendor or client invoices grew from 30% of sampled 2017 incidents to 39% in 2018. BEC is a real threat and can cause significant financial loss and reputational damage.
How to keep your business safe from BEC:
- Carefully scrutinise all e-mail payment instructions to ensure that they’re from the right person and sent from the correct email address
- Verify payment requests and changes to account details using known contact details
- Establish other communication channels, such as phone calls, to verify significant transactions and avoid interception by a hacker
- Consider using Digital Signatures for all electronic communications related to payments
- Look out for unusual changes in business practices. For example, getting a request from someone who is normally not involved in the payment process or a vendor asking for an account number to be changed
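To show what checking for the "correct email address" can look like in practice, here is an added example (not part of the original article) that flags sender domains closely matching a known one and replies routed to a different domain. The domain list, the sample message and the edit-distance threshold of 2 are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list: domains of counterparties you already pay (assumption).
KNOWN_DOMAINS = {"acme-supplies.com", "northwind-bank.com"}
# Digit-for-letter swaps often used to build a lookalike domain.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
# Constructed sample message: "acrne" imitates "acme", replies go elsewhere.
SAMPLE = ("From: Accounts <billing@acrne-supplies.com>\n"
          "Reply-To: billing@mail-desk.example\n"
          "Subject: Updated bank details\n\nPlease pay to the new account.\n")

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain):
    """Fold digit swaps and 'rn' for 'm' so lookalikes collapse to one form."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")

def domain_of(header_value):
    """Domain part of an address header; empty string if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_sender(raw_message):
    """Return a list of warnings for one raw e-mail (headers plus body)."""
    msg = message_from_string(raw_message)
    sender = domain_of(msg["From"])
    reply_to = domain_of(msg["Reply-To"])
    warnings = []
    if sender not in KNOWN_DOMAINS:
        for known in sorted(KNOWN_DOMAINS):
            if skeleton(sender) == skeleton(known) or edit_distance(sender, known) <= 2:
                warnings.append(f"lookalike: {sender} resembles {known}")
                break
        else:
            warnings.append(f"unknown sender domain: {sender}")
    if reply_to and reply_to != sender:
        warnings.append(f"reply-to mismatch: replies go to {reply_to}")
    return warnings

if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

A clean result does not prove a message is genuine, because a hacked real account passes this check; payment changes still need verification through known contact details.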
3. Phishing Scams
Everyone should be wary of online phishing scams. Phishing is an attempt by criminals to ‘fish’ for personal information such as the security credentials you use for online banking/purchase, or to convince you to click an embedded malicious file/link/QR code. Someone can send you an e-mail or SMS which appears to come from your bank or an organization you have registered with, for example:
- To inform you that your bank account has been blocked and provide you with a link to reactivate the account; or
- To inform you that a transfer deposit / payment advice is issued at your request and ask you to open the attached file to confirm the information.
The e-mail or SMS asks you to click on a link, open the attached file or scan a QR code to confirm your bank account, username or password, and in this way the criminals obtain your details. In some cases, your computer will also get infected with malware if you follow the instructions in the phishing message.
Whenever there is money involved, whether it is updating bank account details or sending a payment, if something is a little odd, double check and clarify. It is always better to be safe than sorry!