Whether your business is experiencing its busiest period or a slowdown, one constant threat remains: the ongoing surge in cybercrime, warns Luyolo Ndinisa, IT security specialist at Business Partners Limited.

Cybercriminals don’t just target your IT systems; they target people. They strike when human defenses are at their weakest. Employees may be overworked and distracted, teams may be operating with reduced supervision, and enticing “too-good-to-be-true” special offers are everywhere.

Luyolo says that by far the most attempts at hacking a company’s IT system are made by tricking a staff member into clicking on a link that begins a process of downloading malicious software, or by persuading staff members to divulge login details. From there, the consequences can be severe. Here are some common scams:

  1. Ransomware attacks: hackers encrypt your company’s data and demand payment, often in cryptocurrency, to restore access. Most recently, hackers have been demanding an extra payment to stop them from publishing your data online, says Luyolo.
  2. Email interception scams: criminals hijack your invoicing emails and replace your banking details with theirs, diverting payments.
  3. Impersonation scams: hackers pose as your senior manager and instruct a financial manager in your business to make a fraudulent payment into their account.
  4. Account takeovers: hackers convince you or your staff members to divulge your login details, often by pretending to be your bank, and can then clean out your bank accounts. With the rapid rise of AI‑powered tools, this type of scam has become far more convincing and far easier for unsuspecting individuals to fall for.

The more you believe that these scams will not happen to your business, the more vulnerable you are, warns Luyolo. He offers the following practical tips to protect your business against these ubiquitous scams:

  1. Educate your teams – raise awareness among your staff that they are the primary target, and that the more certain they are that they will never be fooled, the more likely they are to become the victim of a cyber scam. Consider investing in a short cyber-security workshop for your staff.
  2. Compile a clear IT policy – develop a simple, common-sense protocol or code of conduct for all staff members to follow when they work on your business’s IT system. Include rules on software downloads, password protocols, connecting external devices and email handling. Ensure that the policy is understood and followed.
  3. Institute two-factor authentication – add an extra layer of security for all your sensitive log-ins. This typically involves additional verification of your identity over and above just a username and password.
  4. Keep software updated – outdated software is full of security vulnerabilities. Use the latest versions of operating systems and antivirus software. The built-in tools of Microsoft Windows and iOS are adequate to protect a basic system, but make sure they are up to date.
  5. Limit access – restrict administrative and transaction authority to as few staff members as practically possible.
  6. Test your defenses – hire outside experts to assess and test the vulnerability of your business from time to time.
  7. Stay vigilant year-round – cybercrimes are a constant threat. Send regular reminders throughout the year to your staff so that everyone stays aware of the risks.

About the Author: BPL Admin