Hacking Scams – who is liable?

Hacking scam attempts occur more often than is realised, especially in smaller business environments.

It would be foolish to assume that SMMEs are not targets for cyber-attacks and hacking scams. Sure, it may have a smaller impact than it would have on a Fortune 500 company, but it is all relative. SMMEs are often an entry point into these larger businesses since the security investment by smaller companies is far less than their larger counterparts. It is said, “Show me your budget and I will tell you what your priorities are”, and nothing rings truer when it comes to investing in security.

So, the big question is: Who is liable should a hacker violate my clients’ data?

In a recent investigation into a cyber-attack which affected many millions of US Federal Citizens’ private information, it was not clear where the blame would reside when Chinese hackers managed to infiltrate what were supposedly tight firewalls.

How to prevent confusion about who is liable?

It needs to be clear before you sign up a client – who is liable for lost data, stolen data, and heaven forbid, data used in the process of identity fraud.

Every day we, as individuals, are opening ourselves up to the potential risk of having our personal information hacked.

Let us take Facebook as an example. How many people do you know that have had their profile copied – maybe two? Are the owners of FB held responsible? No – because their policies are very clear.

You cannot afford to be known as the company that won’t take responsibility for your customer’s data being at risk or carry the reputation damage from being hacked.

What are hackers looking for?

  • Email addresses
  • Profile details, whether it be Skype, Facebook, gaming profiles, software license information
  • Payment information, obtained from companies such as PayPal, Amazon, eBay, bank accounts and others
  • Invoices and methods to impersonate your suppliers which result in payments into the wrong bank accounts
  • Hackers will also encrypt servers and files with the promise of decrypting the data if their ransom is paid (normally in a digital currency such as Bitcoin), commonly known as Ransomware.

How to avoid the “who is liable” dilemma?

It is crucial for companies to take responsibility for managing their security risk. A layered approach is the only solution.

Enhalo (Pty) Ltd (previously known as Evolv Networks) has partnered with the best in industry protection to create Advanced Threat Protection which provides the layers of protection needed.

This protection includes application behaviour monitoring to disable trusted applications which behave in a malicious manner. It further provides security update management for Windows and 3rd party products such as Java and Adobe, which are easy entry points into systems when they are not updated. Weaponized attachment and web link scanning provides further protection for email-borne attacks, including CEO fraud attempts which impersonate senior management to effect payments to suppliers.

The last layer is the human element where proper training provides staff with the knowledge to be the final barrier.

No solution is immune to attacks, but it is the responsibility of the business to make it as difficult as possible.

If you don’t know how you would handle a hacking scam, then you need to consider a professional partner who does. Evolv Networks can ensure that your current setup is foolproof, so that you don’t need to worry about who is liable or not. Contact us today.
