Cybersecurity: Info age security cracks require newfangled awareness

Once considered futuristic, smart homes and offices are now a reality. We never seem to have enough new tech, with products added daily to improve efficiency and convenience.

While many are turning their homes into ‘internet of everything’ hubs, we must recognise that this can serve as a portal to cybersecurity disasters.

Data makes the world go round

Ransomware can cripple an organisation in a second; data drives the world, and losing information to hackers can put an estate into a precarious position.

‘One of the primary issues with adding smart devices is that most are not designed for use in the home and lack cybersecurity,’ explains Sharon Knowles, CEO of Da Vinci Cybersecurity based in Cape Town.

‘Our homes are evolving toward an intelligent paradigm, from remote door locks to cameras, refrigerators and baby monitors, and these surroundings are perfect for fraudsters to exploit.’

Cyber safety in COVID-19 context

Do you know if your body corporate or homeowners association has put cybersecurity solutions in place to protect you as homeowner? Today’s cybersecurity operations rely on technology to perform successfully, yet even the best equipment has dangers, whether from inadequate planning or installation, or from unforeseen events, according to Knowles.

Estate managers or estate security officers manage these risks to get the best performance out of technology and keep residents safe.

‘The rising number of people working from home has created a fertile atmosphere for hackers. Unfortunately, while office cybersecurity has increased, this is not often the case at home and might not even be on the priority list of your estate,’ Knowles explains. She adds that a pattern is taking shape when cybersecurity information is tracked. ‘The maps clearly illustrate that as each country’s COVID-19 score rises, so does the number of cyberattacks.’

Fending off attacks

1. Ensure that your devices at home are password protected, and enable two-factor authentication (i.e. protecting your account with both your password and phone).
2. Change your home router access username and password.
3. Check that the kids’ gaming devices are secure.
4. Read your estate’s policy guide to ascertain which measures are in place.
5. Request a cyber incident plan should any information be comprised on the database, and find out what your estate’s response plan is.
6. Look at the type of CCTV cameras and biometric devices used, then ask what happens when they are comprised and what the backup plan is.

Rest insured

Knowles says that consumers are progressively taking advantage of the cyber insurance packages now on offer (davinciforensics. co.za), and she foresees a rise in both business and personal cyber insurance.

‘As technology evolves, scammers change their modus operandi. These organised syndicates are professional and very skilled,’ she says.

Dealing with a security breach

Itec SA cybersecurity product manager Ria Mey says that in case of a breach, all staff members should be notified, and a case logged with your cybersecurity insurance carrier.

‘To keep an attack from spreading, filter and block traffic, isolate the affected machines or disconnect the internet completely. Maintain your firewall settings and change all passwords.’

Mey says that all residents should be informed when a security breach has been detected. ‘This is imperative, as everyone, including staff and vendors, needs to investigate whether they have been affected.

‘They will also have to assess the situation to determine which information was accessed – confidential data such as full names, addresses, ID numbers and banking details – before everyone is informed accordingly.’

Act according to the Act

In terms of section 22 of POPIA (Protection of Personal Information Act), where there are reasonable grounds to believe that the personal information of a data subject has been acquired by any unauthorised person, the responsible party must notify the Information Regulator and data subject, unless the subject’s identity cannot be established.

The responsible party may only delay notification of the data subject if a public body responsible for the prevention, detection or investigation of offences, or the Information Regulator, determines that notification will impede a criminal investigation.

Notification must be in writing and communicated to the data subject in a prescribed manner, and must provide enough information to allow the data subject to take protective measures against potential consequences.