A cyber security expert has warned that a global cyber ransom attack has spread to South Africa this week.
“We need people to understand that they must not open mail or attachments from senders they do not know,” Roi Shaposhnik of Johannesburg-based Gold N’ Links Cyber was quoted as saying in News24.
Describing it as the biggest cyber-attack in history, Shaposhnik said syndicates around the world targeted a weak spot in Microsoft security updates, which led to a massive crash. This type of malware encrypts a user’s data, then demands payment in exchange for unlocking the data.
Microsoft released a patch (software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.
The ransomware demands users pay $300 (R3 924) worth of the cryptocurrency Bitcoin to retrieve their files, though it warns that the “payment will be raised” after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.
How can you protect your computer and your travel agency from cyber-attacks and hackers?
- Be careful on social media
Shaposhnik warns that people should be cautious on social media because it is not uncommon for attackers to track Twitter or Facebook posts to tailor an attack on those platforms. He urged Facebook and Twitter users to keep their accounts closed to all but friends they know, and not to open links from unknown sources.
- Be wary of unknown e-mails
Everyone should take extra precautions when opening emails from unfamiliar senders. This includes coupons, vouchers and any discount emails that you were not previously aware of.
- Get knowledgeable
Educating the entire company on the different types of cyber risks (e.g. spearphishing, vishing, typosquatting, etc.) goes a long way towards protecting your travel agency. This training should be ongoing, as the security threat landscape is constantly changing.
- Create SOPs
Create standard operating procedures (SOPs) to minimise the threat of phishing scams and to identify legitimate requests.
- Install spam filters
Have strong spam filters in place to minimise inbound malicious emails.
- Update software
Keep anti-virus software and firewalls updated 24/7 since hackers are always looking for new ways to infiltrate your computer and network.
- Conduct tests
Conduct random testing with mock phishing scenarios.
- Back up regularly
Be sure to back up on a regular basis to ensure you always have your files stored in the cloud or on an extra external platform.