Might as well face it
Your data has already been compromised, but the good news is: you can protect yourself against future breaches through knowledge and experience.
Perhaps you think it’ll never happen to you, but here’s a hard truth: your personal information has been compromised and is likely already for sale on the dark Web.
The bad news is, there’s not much you can do about it. The good news is, you can protect yourself against future and further breaches.
Before we get into that, here’s some context: The threat of cybercrime in South Africa has never been more severe. SA has the third-highest number of cybercrime victims worldwide, and the country loses about R2.2 billion a year to cyber attacks.
Breaches affecting major companies, including Liberty, Ster-Kinekor, Master Deeds, ViewFines and Facebook, have exposed the information of millions of South Africans.
Don’t think you’ve been affected? Think again.
Your personal data is broadly available online.
On how many Web pages have you entered your e-mail address, phone number and birthday to sign up for new services, open accounts or download a free e-book? And on how many of these sites have you used the same or similar passwords?
The reality is that any information that is connected to the Internet is vulnerable to theft. And it doesn’t take much for a hacker to compromise your data, to sell it on the dark Web or use in social engineering attacks.
Wait. The dark what?
The mainstream Internet that you access every day represents 3% to 4% of the actual Internet.
Underneath this sanitised ‘public’ layer is a massive marketplace for stolen data, personal information, trade secrets, intellectual property, explicit content, and malware. Welcome to the dark Web: a hidden network of Web sites that’s inaccessible by normal Web browsers and represents about 93% of online content.
It’s not all bad. Intranets, online databases and member-only sites also live on the dark Web. But it’s mostly bad: a haven for illicit activity and a playground for cybercriminals. You need special resources to access it and those who do almost always mask their identities.
Anonymity is the dark Web’s most appealing factor, and if you’ve ever been a victim of a data breach (and you have), this is where your information lives. Plus, it has probably changed hands a few times.
You’re just a number.
Cybercriminals target specific data types, and no, it’s not your credit card details.
Why? Because credit card transactions are closely monitored by advanced banking systems, anti-fraud teams and high levels of monitoring expertise. It’s quick and efficient for banks to identify and limit transactions that are not verified by two-factor authentication.
That’s not to say that cybercriminals don’t want this information. They do, but they’re not willing to pay big bucks for it. The going rate for a credit card and CVV number on the dark Web is about $5. Your ID number is worth just $1.
So what are they willing to pay good money for? Your phone number, e-mail address and username.
These have nowhere near the same level of sophisticated monitoring and intervention as credit cards. And, while it’s easy to replace a compromised credit card, it’s a hassle to get a new phone number or e-mail address.
Hackers know this, which is why the exploitation of legitimate e-mail addresses and cellphone numbers can go undetected for months or years. It’s also why information in general is more valuable that a single transaction on a credit card.
Once they have your information, hackers sell it to businesses for marketing purposes or use it for more nefarious activities, like fraud.
How to stay safe(r)
So, assuming your information has been stolen, how can you protect yourself online? Knowledge and experience. The more you know, the safer you’ll be. Here are some top tips:
- Passwords. You already know this. Choose strong ones and change them regularly.
- Clicks. Phishing and social engineering attacks are still the most common hacking methods. Don’t click on links in e-mails. Don’t open attachments from people you don’t know. And, if you get an e-mail from someone you do know but it seems off, pick up the phone and ask. They might have fallen victim to an impersonation attack.
- Accounts. Monitor your bank account carefully. Flag unusual transactions immediately and block any compromised cards.
- Silence. Be secretive. Don’t dish out your information to callers or respond to unsolicited e-mails.
- Scepticism. Don’t be tricked into a dark Web scan. Service providers, some of them scrupulous, others legitimate, claim to be able to scan the dark Web for your information. But it’s simply not possible to scan the entire dark Web in 10 minutes. At best, these scans give you a false sense of security by scanning publicly available database lists, but these only account for a fraction of the dark Web. Just because your information isn’t on these lists, doesn’t mean it isn't stored elsewhere. (At worst, a scammer could pose as a service provider and actually add your information to the dark Web.)
There’s no way to guarantee your safety online, but you can prevent yourself from becoming a soft target. Learn about the risks, educate yourself, and be less trusting.
About the author
Brian Timperley, CEO And Co-Founder: Turrito Networks
Brian is the CEO and co-founder of Turrito Networks, a telecommunications and technology provider delivering solutions to mid-market and corporate businesses throughout SA. After several years in engineering and technology firms, Brian joined one of SA’s largest telecoms companies in 2005, managing some of the largest multinational businesses in SA.
It was during this time that Brian and his co-founder, Louis Jardim, saw an opportunity to provide better and more scalable solutions to the mid-market in SA. In 2010 Turrito Networks was formed, and Brian and Louis secured an investment stake from JSE-listed business MICROmega Holdings. In 2012, they acquired a virtualisation business named CloudWare, and in 2013 designed and developed CloudGate, a desktop replacement computer for businesses and education institutions.
More recently Turrito Networks acquired the well-known IT services and support company, Dial a Nerd (Pty) Ltd, and a business intelligence company now known as Turrito Analytics.
In just over nine years, Turrito Networks has become one of the most influential technology aggregators in the country, delivering connectivity, managed services and cloud solutions to over 600 corporates, education and financial institutions, as well as over 50 municipalities throughout SA and into Africa.
In his role at Turrito, Brian is responsible for building and executing overall strategy, with a high level of involvement in product innovation and commercial strategy. Successes include Vodacom’s CEO Award 2014 and 2017, Vodacom's Partner of the Year for nine years running and Fastest Growing Partner from several of the top ISPs in SA.
Turrito services over 600 mid-market and corporate businesses throughout the country, and has built and acquired four subsidiary businesses specialising in Virtualisation, Hybrid Computing, IT Support Services and Business Intelligence.
Company: Turrito Networks PTY (Ltd), a Sebata Holdings Company
Location: Brian is based in Sandton, Gauteng