News / Legal Brief
Mar 25,2020
By Ahmore Burger-Smidt, Head of Data Privacy Practice
Let us not doubt the fact that cybercriminals are looking to exploit the spread of Coronavirus to conduct cyberattacks and drive hacking campaigns.
It has been widely reported that numerous companies are experiencing an increase in phishing attacks.
In many cases, these attacks are in the form of phishing emails containing links or attachments that claim to contain important information about the Coronavirus. Once opened, these phishing emails infect the user’s computer with malware that can be used to exploit the “infected victim”.
At this point in time employees will work from home and IT-help will only be available remotely. To limit disruptions during lockdown, the question would be how to protect your company.
Therefore, what should you inform your employees? Tell them, they should not open a random email:
Here are some guidance on spotting phishing emails:
Since there is no way to completely protect companies against malware infection, companies should adopt a defence approach. This means using more than one basic approach as defence. This will allow for more opportunities to detect malware, and then stop it before it causes real harm to the company. One should assume that some malware will infiltrate the company, so companies can take steps to limit the impact this would cause, and speed up their response. Your IT department should:
From prevention to recovery
While prevention is generally accepted to be better than the cure, the reality is that prevention of phishing attacks may not be possible. Working under the assumption that a breach will occur and that a phishing attack will succeed at some point, it is imperative that companies ensure they are able to resume normal operations as quickly as possible. Being prepared for an attack and having a well-designed breach plan in place is non-negotiable and should form part of good governance.
There are certain activities which will have to take place during and immediately after a successful phishing incident that should be included in a cyber breach plan. These activities include:
Do not allow your company to be in the dark. Keep evil at bay!
Be prepared and keep on doing business.
NEWS / Legal Brief
Blackouts, further tariff hikes point to ‘inevitable’ financial distress for SA businesses this yearNEWS / Legal Brief
An exercise in Restraint of trade agreements, what not to do!NEWS / Legal Brief
Crypto asset regulation gaining traction in South Africa