Cyber security

Once considered futuristic, smart homes and offices are now a reality. We seem to never have enough new tech, with products added daily to improve efficiency and convenience.

While many are turning their homes into ‘internet of everything’ hubs, we must recognise that this can serve as portal to cybersecurity disasters.

Data makes the world go round

Ransomware can cripple an organisation in a second; data drives the world, and losing information to hackers can put an estate into a precarious position.

‘One of the primary issues with adding smart devices is that most are not designed for use in the home and lack cyber security,’ explains Sharon Knowles, CEO of DaVinci Cyber Security based in Cape Town.

‘Our homes are evolving toward an intelligent paradigm, from remote door locks to cameras, refrigerators, and baby monitors, and these surroundings are perfect for fraudsters to exploit.’

Cyber safety in Covid-19 context

Do you know if your body corporate or homeowners’ association has put cyber security solutions in place to protect you as homeowner?

Today’s cyber-security operations rely on technology to perform successfully, yet even the best equipment has dangers, whether from inadequate planning, installation, or unforeseen events, according to Knowles.

Estate managers or estate security officers manage these risks to get the best performance out of technology and keep residents safe.

‘The rising number of people working from home has created a fertile atmosphere for hackers. Unfortunately, while office cyber security has increased, this is not often the case at home and might not even be on the priority list of your estate,’ Knowles explains.

She adds that a pattern is taking shape when cyber security information is tracked. ‘The maps clearly illustrate that as each country’s Covid-19 score rises, so does the number of cyber-attacks.’

Fending off attacks

1. Ensure your devices at home are password protected and enable two-factor authentication (i.e. protecting your account with both your password and phone).
2. Change your home router access username and password.
3. Check that the kids’ gaming devices are secure.
4. Read your estate living policy guide to ascertain which measures are in place.
5. Request a cyber incident plan should any information be comprised on the database, and find out what your estate’s response plan is.
6. Look at the type of CCTV cameras and biometric devices used, then ask what happens when they are comprised and what the backup plan is.

Rest insured

Knowles says that consumers are progressively taking advantage of the cyber insurance packages now on offer (davinciforensics.co.za), and she foresees a rise in both business and personal cyber insurance.

‘As technology evolves, scammers change their modus operandi. These organised syndicates are professional and very skilled,’ she says.

Dealing with a security breach

Itec SA cyber security product manager Ria Mey says in case of a breach, all staff members should be notified, and a case logged with your cyber security insurance carrier.

‘To keep an attack from spreading, filter and block traffic, isolate the effected machines or disconnect internet completely. Maintain your firewall settings and change all passwords.’

Mey says all residents should be informed when a security breach has been detected. ‘This is imperative, as everyone needs to investigate whether they have been effected, including staff and vendors.

‘They will also have to assess the situation to determine which information was accessed – confidential data such as full names, addresses, ID numbers and banking details – before everyone is informed accordingly.’

Act according to the Act

In terms of section 22 of POPIA (Protection of Personal Information Act), where there are reasonable grounds to believe that the personal information of a data subject has been acquired by any unauthorised person, the responsible party must notify the Information Regulator and data subject, unless the subject’s identity cannot be established.

The responsible party may only delay notification of the data subject if a public body responsible for the prevention, detection or investigation of offences, or the Information Regulator determines that notification will impede a criminal investigation.

Notification must be in writing and communicated to the data subject in a prescribed manner, and must provide enough information to allow the data subject to take protective measures against potential consequences.