Why You Should Care About Cyber Hacking

Jacques du Rand 2021-07-24

When you’re browsing the internet you might come across banner ads for cybersecurity firms and not even think twice about it. The everyday person cares not so much about cybersecurity for their daily life, as they find backing-up their information and IP through a reliable Cloud service provider, enough. But the everyday person should care about the security policies of larger companies they trust with their personal information. Here’s why:

Hacking Is Fairly Common

Hacking happens quite frequently, but you only hear about the cases where breaches happened and they were significant.

Recently a large insurance hack made the news. Personal information inclusive of bank details were allegedly breached and stolen.

A number of people might think the worst that can happen with one’s identity number being exposed is that they might one day find themselves listed as married at home affairs, when they certainly are not. Unfortunately that is not the worst that can happen, even though trying to fight with Home Affairs does sound like some kind of personal hell.

Identity theft can be a much bigger problem. It occurs when someone uses another person's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. Here you might one day wake up and find loan sharks knocking at your door threatening to bust your knee caps for the money ‘you’ borrowed to buy a house.

But even this is not the worst. Clever hackers can use your ID number combined with your bank details to empty out your account, and or buy stuff by signing up for debit orders.

Shouldn’t Big Companies Cater To Better Security?

The short answer is, yes. And most big companies do. However, even the best cybersecurity systems are not foolproof.

There is a difference between managed cybersecurity, cybersecurity software systems, and making sure your site and server are generally safe.

With managed solutions a team of expert programmers are on standby to any alerts set up by themselves for any kind of breach on your system. The alerts are based on your breach risk potential. When they receive an alert, they usually react pretty fast with a number of defensive strategies to mitigate or stop the breach in its tracks.

Software products are also pretty good at setting up a first line defence and try to mitigate or stop the breach. It will alert a team only where it is unsuccessful, or a further trigger has occurred, who will then need to react pretty fast to mitigate or stop any further breaches.

The third solution is generally okay for anyone that doesn’t store any personal customer information, but is certainly not infallible.

However in all three, there are extenuating circumstances. A programmer may have unknowingly left a ‘backdoor’ open, or there is a vulnerability with just one item that wasn’t checked all the way through - and that could be the achilles heel for the whole system. Hackers trawl through thousands of lines of code to try and discover that one achilles heel.

Larger companies usually have access to their own security teams, or will frequently have their systems tested for any insecurities by ethical hackers. This makes them safer, but certainly not 100% hack-proof. Smaller companies don’t necessarily have the man- or financial power to perform these kinds of tests regularly.

How Do You Make Sure Your Data Is Secure?

The best way is to start paying attention to these incidents when they happen in the media, and also start asking service providers about their security policies. Don’t take for granted that they have one. Read the fine print in your contracts for what happens when/if they are breached and do lose data. They need to be accountable for safeguarding your personal information, and have a clear process for what would happen in such a scenario, but you should educate yourself as well.

Start paying attention to the security firms mentioned in the breaches in the media, and how they respond to situations. And veer away from any companies that use them - especially if you see regular breach patterns.

Some of the other, more generic advice to help minimise the risk of fraudulent incidents, include:

  • Not to disclose any personal information, including passwords, over the phone, email or via SMS.
  • Examine your bank records more closely for any transactions you don’t recognise. Fraudulent transactions might not always be large numbers. At scale, those small deductions can add up.
  • Change your passwords regularly and try to use different passwords for all of your accounts.
  • Check the “Have I Been Pwned?” website which lets you check whether your personal data has been compromised by data breaches using your username or email address.

Company Liability in South Africa for Data Breaches

According to the newly fledged POPI act which aims to protect personal information:

"A responsible party, which is defined as a person or business which processes personal information, will be obliged in the event of a data breach to notify the Information Regulator as well as affected parties within a reasonable time after the discovery of the compromise."

Not only this, but organisations need to make sure they have the correct insurance cover (cybercrime insurance) in place to protect their businesses. Loss of personal information, and especially financial information that leads to further fraud, can be claimed for by those impacted from the breach. The latter most South African’s are not aware of.

Keep yourself and your personal information safe by better understanding the policies of those you trust your data to.