The Insurance Institute of South Africa (IISA) has education at its core, offering key learning for the industry and CPD hours. At home in its offices in Hyde Park, the IISA team is already rolling out and encouraging attendance at a number of training events in the ITOO Premium Learning Centre.
Ryan van de Coolwijk of Hollard Specialist Risks and Liabilities (soon to become ITOO Special Risks), together with the MWR InfoSecurity team, an independent security agency specialising in cyber security, hosted a workshop on cybercrime at the IISA Premium Learning Centre. They unpacked potential exposure to cyber crimes and the necessary incident response one needs to take if hacked – helping delegates to become more #cybersmart, both personally and professionally.
MWR did a mobile presentation that helped the delegates to understand the minds of hackers and how they operate, underlining the inevitability of cyber attacks. They can happen to anyone or any form of business and shouldn’t be underestimated.
“A hacker need not wear a trench coat,” said Ryan. “They do not need to be professional criminals to conduct cyber crimes.”
Hackers can gain access to sensitive information through a number of ways, namely WiFi hotspots, weak passwords, lost and stolen devices, accidental disclosure of devices, unattended devices and untrusted devices. Hackers have gone as far as paying people to develop ads that contain malware. When viewers click on the ads, sensitive information gets detected without them knowing.
“It is clear that the hackers’ business is to conduct cyber attacks,” said Ryan. “Even anti-virus software cannot keep up with the new variances that hackers come up with.”
However, it is not all doom and gloom…
Ryan introduced the delegates to an incident response plan (IRP), which is an approach to managing the occurrence of cyber attacks. It is wise for companies to prepare and plan for cyber crimes by using an IRP.
“High targeted risks may be there for weeks or even months before you know something has happened,” he said. “If you understand the threat, you can understand the type of response you need to take. This means getting experts in to do the job.”
Ryan highly recommended cyber insurance as part of a risk mitigation strategy. More than providing basic liability cover, the Hollard cybercrime policy provides cover for third-party liability, incident response/mitigation and first-party liability.
The talk ended off with tips on how to become more #cybersmart. These include:
- Keep software updated (anti-malware, OS, etc)
- Use strong passwords and change them regularly
- Enable multi factor authentication where possible
- Avoid free WiFi
- Forget unfamiliar WiFi networks and turn off WiFi where possible
- Think before you click
- Check for HTTPS or a lock symbol on web addresses
- Check before inserting your devices into memory stick slots or remote charging stations
- Log out of applications or websites when you’re done
- Avoid public computers for personal business
“People think that developing a cyber IRP is difficult,” concluded Ryan, “but think of it like this: if your company can prepare for a fire safety plan (which is likely to happen) then surely it should be able to develop a plan for hackers too.”