Virtual safety

There is a common misconception that only large corporations are at risk of cybersecurity breaches. However, smaller businesses are equally vulnerable and may, in fact, be at higher risk due to their limited cybersecurity budgets. With fewer resources, smaller businesses may not have adequate funds to invest in cybersecurity measures and become easy targets for cybercriminals. Having a smaller budget doesn’t mean, though, that you have to accept that your business will be vulnerable to cyber attacks. There’s still plenty that small business owners can do to protect themselves.

Understanding the risks

The cybersecurity landscape has experienced a significant surge in cyber threats, evolving attack methods, and new technologies. Attackers have become more sophisticated in their methods, leveraging automation, artificial intelligence, and machine learning to develop novel attack vectors. The human element remains the weakest link in cybersecurity, and attackers are increasingly targeting employees via social engineering tactics. So, it’s important that business owners stay up to date with criminal trends and understand the threats facing their organisations. 

The top cybersecurity risks that a business faces depend on the nature of the business, the scale of operations, and the company’s risk appetite. The most vulnerable businesses are those that provide sensitive services or conduct transactions online, possess sensitive customer data, or operate in emerging economies with sophisticated cybercriminals.

Some of the current top risks in cybersecurity include social engineering, security misconfigurations, malware, and ransomware. With social engineering, hackers manipulate employees to gain access to systems and data, while security misconfigurations occur when defenses are not properly configured. Malware and ransomware can take over a network or system, stealing important data or demanding a ransom. To mitigate these risks, it is important that businesses have robust security policies and procedures in place, such as regular employee training, effective IT controls, and disaster recovery plans.

Avoid common mistakes

Common mistakes smaller businesses make with regard to cybersecurity are:

  1. Neglecting anti-virus and anti-malware software: Smaller businesses often forgo loading anti-virus and anti-malware software on every workstation and server. They assume such measures are only necessary for large companies, which leaves them open to attacks.
  2. Not running daily scans with anti-virus and anti-malware: Just installing the software is not enough. These programmes must be run daily to scan all workstations and servers for potential malware and spyware.
  3. Failing to install critical security updates: Businesses need to stay on top of the latest security updates and patches to ensure their protection against vulnerabilities. Hackers often exploit these vulnerabilities to gain access to systems and data. 
  4. Cybersecurity practitioners not staying up-to-date with current trends: Technology advancements are continually creating new vulnerabilities which cybercriminals exploit. Unfortunately, cybersecurity practitioners often fail to stay current with the latest security trends and threats. This can make it challenging to identify and mitigate emerging risks.

Stay safe

The best approach to mitigate cybersecurity risks is to conduct IT security risk management to understand the shortcomings within the environment. This process involves identifying potential threats and vulnerabilities that could compromise the security of the organisation. Once the security risks and gaps have been identified, processes can be implemented to mitigate the risks. 

However, it is important to note that there is no silver bullet for cyber security. Organisations must proactively work to strengthen their security posture by implementing security best practices and continuously monitoring and testing their systems for vulnerabilities. 

Even with the best cybersecurity technology, humans remain the most significant factor. Studies show that over 90% of cybersecurity breaches involve some kind of human error, which makes it crucial to understand the role of the human element in cybersecurity.

One factor is social engineering, which is used extensively as an attack vector against businesses. These attacks are designed to exploit human behaviour or emotions, such as trust, fear, or shame, to trick people into handing over sensitive information, such as usernames, passwords, or credit card information. Typically, social engineering attacks are executed through phishing scams or tricking employees into installing malware on their computers.

To mitigate the threat posed by social engineering, companies should focus on raising staff awareness levels of the risks and how to detect and respond to social engineering attempts. By providing proactive training and education, companies can reduce the likelihood of their staff becoming unwitting accomplices to these fraudsters.

With remote working becoming the new norm, organisations should also invest in educating remote workers on security best practices, such as using secure passwords, avoiding public Wi-Fi, and spotting phishing scams.

To mitigate cyber security risks, it’s essential to understand the cyber risk profile of the business. We must continuously monitor and assess the security controls in place and stay up-to-date on emerging threats. Without proper knowledge and awareness, you cannot fix problems you don’t know about.

Cyber Safety Starts Here

Basic cybersecurity practices, albeit not expensive to implement, can go a long way in mitigating cybersecurity risks. Areas to focus on include:

  • User access control
  • Vulnerability scanning
  • Anti-virus
  • Email security 
  • Regular patching
  • Multi-factor authentication
  • Strong password policies
