Staying Safe Online: What Does Cyber Crime Mean for Marketers?
Today, cyber crime is one of the greatest risks to business continuity. Yet strangely, it is not acknowledged as such in boardroom meetings. This lack of recognition amongst leadership filters down to marketing and communications teams, which don’t receive the necessary support in protecting both personal and company data online. This is fast becoming a risky approach, as Aon’s 2019 Cyber Security Risk Report underscores: “As we use technology to speed up the transfer of information, it creates amazing opportunity and potentially greater risk.”
Indeed, in the World Economic Forum’s Global Risks Report 2019, “technological instability” was a highlighted threat – with “massive data fraud and theft” ranked the number four global risk over a 10-year horizon and cyber attacks coming in at number five. Looking at the report’s Global Risks Landscape quadrant, cyber-risks were situated alongside environmental risks in the high- impact, high-likelihood quadrant.
When interrogating the sheer magnitude of cyber attacks and breaches that occurred in 2018 alone, the global cyber threat has become a very dark shadow hanging over businesses, consumers and governments. For example, personal data breaches affected around 150 million users of the MyFitnessPal application and around 50 million Facebook users.
The growing sophistication – and frequency – of cyber crime is affecting almost every economy, however, South Africa appears to be particularly vulnerable. According to the South African Banking Risk Information Centre (SABRIC), South Africa currently has the third highest number of cybercrime victims worldwide – with the country losing an estimated R2.2 billion a year to cyber attacks.
Understanding the Threats
When speaking to any reputable cyber security professional, it quickly becomes clear that the only way to really protect businesses and teams is to educate and create awareness. In short, the challenge requires a very hands-on and practical approach. Employees and teams represent both the greatest vulnerability to cyber crime, as well as the best defence. It all depends on how the challenge is tackled – if at all!
To begin with, it’s important that leaders and employees alike recognise the problem and the various guises of cyber crime.
Today, threats come largely in the form of phishing, whereby criminals attempt to trick unsuspecting employees into clicking on a malicious URL or e-mail attachment to steal their login details – which they can then use to gain unauthorised access to the users’ financial accounts or internal company networks.
Notably, current phishing attacks involve some form of social engineering, whereby hackers gather valuable personal information from social media accounts such as LinkedIn, Instagram and Facebook to attach some element of credibility or truth to the attack. By scanning Facebook, for example, hackers will glean details such as birthdays, pets’ names, company and position, vacations, friends’ names, etc.
In 2018, companies reportedly witnessed an increase in what has been labelled “sextortion” attacks and scams. In this context, hackers capitalise on people’s fears of being exposed with emails that claim to know your browsing history on adult sites, for example, or threaten to publish videos or pictures of a sexual nature – that hackers claim to be in possession of. In order to avoid the potential reputational harm, people are thus conned into paying big fines.
Turn the Weakest Link Into the Greatest Defence
When assessing the nature of risks today, it becomes more and more critical that employees, teams and managers are trained. Social hacking, in particular, is a psychological minefield that everyone must be prepared for.
According to experts, companies should invest in bi-annual training (at minimum) for their teams that is geared towards each user group (managers, marketing teams, social media people, HR, etc) so that everyone is aware of the latest attacks and methods. Importantly, teams should undertake regular ‘testing’ by having an outside firm conduct a social engineering hack. These kinds of tests help to keep employees and teams vigilant and aware.
In addition to these targeted training methods, teams need to be made aware that what they post online might compromise the business – and their own online safety. As a result, establishing a comprehensive social sharing policy – with clear rules and guidelines – is essential.
Protecting Social Media Accounts
As we have underscored above, social media accounts offer cyber criminals a veritable treasure chest of valuable data and information. Also, these accounts can often be hacked directly – with ease. Yet most reputable social media platforms today have robust security features and data protection applications that users should leverage.
Here is a short cheat sheet to keeping social accounts secure:
- Always keep your mobile apps updated. Make sure you have the latest version of the platform you’re using. This is because security patches protect you from the latest known threats.
- Close the accounts that you’re not using. Old and forgotten social media accounts may be hacked without being noticed. Hackers can access other accounts or data linked to it, such as your email.
- Implement good password management. For example, use different passwords for your social media accounts, and also make sure that each password is complex and unusual. Enabling 2FA for all your accountscan prevent unauthorized parties from accessing your accounts.
- Use a unique/different email address for your social media accounts. Where possible, create a new email address specifically for social media accounts – so that if you are compromised, the hackers cannot gain access to any sensitive data.
- Heed some advice from an actual social engineer, Jayson E. Street, courtesy of HelpNetSecurity. “If you get a feeling that something isn’t right, listen to the voice in the back of your head telling you this and react…”
Finally, it goes without saying that every team member needs to take responsibility for his or her own device – and data – safety.
This means regularly checking for and running software updates and security patches, which should include all of your mobile devices. Always review your backups and make sure that the correct data is being backed up, at regular intervals. With the increasing stringency of data protection laws such as Europe’s General Data Protection Regulation (GDPR) and South Africa’s Protection of Personal Information Act (PoPI), leaders and employees have little choice but to take data management very seriously.
If you’d like to know more about how media intelligence can help you track and measure your impact online, drop us a line.