This communication is aimed at reminding you of the constant and ever-growing threat posed by cyber-criminals. We continue to witness cyber-criminals hard at work, targeting private individuals and the business environment alike.
A prominent modus operandi continues to be the illegal interception of legitimate email accounts flowing from phishing attacks. Phishing is when cyber-criminals send fraudulent (fake or deceptive) messages designed to trick their human victims into revealing sensitive data or deploying malicious software. This frequently takes the form of fraudulent banking account details being offered in what looks like “legitimate e-mail” communication, but in reality, this email has been intercepted by cyber-criminals.
Available research and case studies continue to show that the human factor remains a weak link as e-mail communication received is not sufficiently scrutinized and therefore it can contain links that can compromise an account or network. Also, in various instances, independent verification of important data, such as banking details before money is paid over, is not done.
Imply I.T. (Pty) Ltd is calling on our customers to take this growing threat seriously and must ensure that:
- Business processes are in place and enforced to prevent anyone from falling victim to cyber-criminals.
- Ensure that verification processes are in place specifically when receiving banking data, and personal information through email, verbal or other communication. In this instance, do not rely on the accuracy of contact details provided via email communication, rather make use of your own verified contact list.
- Apart from having verification protocols in place, do not use e-mail to communicate sensitive information, such as usernames and passwords. An alternative would be encrypted instant messaging systems, such as WhatsApp, which should only be used when you have VERIFIED the person on the recipient side.
- When having to log into an electronic system, like your e-mail, the utilization of Multi-Factor Authentication (MFA), which provides an additional layer of security, remains in our opinion a necessity and should no longer be regarded as an optional extra. We will therefore enforce the utilization of MFA for all Microsoft 365 customers from 1 February 2023. Should you opt not to implement this additional layer of security on your account(s), we will request signed confirmation that you have been informed of the associated risks in not implementing this additional layer of security. Imply I.T. (Pty) Ltd will not take responsibility for any breach or loss of data unless it is due to an act of gross negligence on our part. We will soon makecontact with you on this matter.
- Ensure that you undergo regular cyber-security awareness training to limit the risk of cyber-criminals gaining access to individual user accounts or even an entire network.
- Call our office and log a Ticket immediately should you believe you have compromised login details.
Imply I.T. (Pty) Ltd will in due course make contact with you and request that you nominate a staff
member that will serve as a nodal point to act on your behalf when we need to verify sensitive
information (including banking details, the authenticity of requests for password resets) via an
encrypted messaging system which we are setting up.
We have not changed our banking details or any of the data that you have on file for us. Should you receive any request for changes to be made, kindly verify directly with our office the veracity of such.
As always, the Imply I.T. Team remains committed and is ready to provide you with professional and efficient IT services.
Thank you,
The Imply IT Team.