Cyber Security Is Bound To Make An Impact In Your Business

Have you ever been scammed? If not, you have probably received a phone call or message carefully crafted by fraudsters with either an emotional appeal, suspicious links to click on, or claims of wrongly sent mobile money which wasn’t sent. Isn’t it interesting how cybercriminals get into your head and lead you to dark lanes of information or financial theft? Don’t be a victim. You can protect yourself and your business from malicious attacks by staying alert.

That said, what is Cyber Security? It is the protection of internet-connected computers and/or mobile devices from unauthorized access, abuse, fraud, or crime; components collectively known as cyber-attacks or cybercrime. Here are some of the common types of cybercrime:

  • Phishing - Fraudulent attempt to obtain sensitive personal information
  • Social engineering - The art of manipulating persons to give up confidential information
  • Sim Swap Fraud - Unauthorized takeover of a victim’s phone number
  • Malware attacks – Compromising technology devices using software specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
  • Hacktivism - the act of misusing a computer system or network for a socially or politically motivated reason.
  • State-sponsored cyberattacks – Cybercrime carried out by states for intelligence gathering or espionage purposes

The harsh reality is that anyone, whether an individual or a corporate, can be a victim of cybercrime. Apart from financial losses, cybercrime can result in serious reputational damage, especially for corporates,  whose effects are carried on for years.

A currently common mode of cybercrime is the sim swap fraud where cyber criminals hijack a victim’s cell phone number and use it to gain access to sensitive personal data and bank accounts through Mobile Banking Apps. Once they take control of the swapped SIM card, the crooks access the financial accounts of the victim, having socially engineered credentials or information that could facilitate account resets, and transfer all the funds to other scammed telephone numbers.

With the high rate of adoption of technology and digitization, especially during the current COVID-19 crisis, cybersecurity is a hot topic to arrest. Fraud activities are on the rise now, more than ever and businesses have to rethink their measures. An Africa Cybersecurity Report 2019/2020 by Serianu – a Pan-Africa-based cybersecurity and Business Consulting firm, shows that malware attacks are expected to rise, and in particular, locally developed or re-engineered strains.

The same report also reveals that Kenya's economy lost more than Kshs. 29.5 billion from cyber-attacks in 2018. According to an article by the Business Daily in February 2021, The Communications Authority of Kenya (CA) data showed that more than 56 million cyber threats were detected nationwide in comparison to 37.1 million in 2019. The CA further expounded that a majority of the threats were malware attacks at 46 million, followed by web application attacks at 7.8 million while 2.2 million Distributed Denial of Service (DDoS) threats were detected during the same period.

Evidently, there’s a need to develop diplomatic strategies to curb financial losses and information system vulnerabilities, thereby improving/earning customer trust. This said the top priority for a business is safeguarding its assets and client information from unauthorized access. 

So why is cybersecurity bound to make an impact on your business?

  • It is now a requirement. Businesses are now bound to be cautious because there are legal consequences of cyber-attacks. Recently, Governments around the world have enforced data protection laws to safeguard client information. The Data Protection Act No. 24 of 2019 in Kenya reveals the provisions for the regulation of the processing of personal data; for rights of data subjects and obligations of data controllers and processors; and for connected purposes. The Computer Misuse and Cybercrimes Act of 2018 establishes various offenses including unauthorized interference or interception of computer systems programs or data, false publication of data, cyber terrorism, identity theft and impersonation, phishing, computer fraud among others, that corporates should protect their customers from.
  • A Mitigation/contingent plan against reputational damage is important now, more than ever. In this digital era and in an ever-competitive marketplace, it is important to uphold great customer perception. As a business, the more transparent you are towards mitigating cyber risks and solving crises when they occur, the more competitiveness you gain. Your customers, shareholders, and other stakeholders want to feel a sense of security and that they can trust you – otherwise they will leave. Reputation and customer retention, therefore, go hand in hand. In this cyber age, it matters what your relevant internal and external stakeholders think about you because it affects your sales funnel and trust score in the long run. Transparency should therefore be your key focus towards upholding the reputation of your business.
  • Technology is ever-changing, which means that malicious attacks are also evolving as well. There is no gainsaying the essence of reinforcing the security measures to mitigate any future surprise attacks. As a business, ensure that you stay vigilant of emerging data breaches/threats and seek advice from experts when necessary. It is therefore important to implement cybersecurity practices that not only protect your business information but your customers’ information as well.

In this fourth industrial revolution, you must remain mindful of your cybersecurity and that of your business. We are on your side!

What to consider when setting out an investment

If there is one thing you can never get enough of; it’s investment advice. There are many factors that you need to think in-depth and consider before making that investment decision. Truth be told, investment opportunities can go two ways: you either end up fulfilled or devastated. Think about the get-rich-quick schemes that you have heard of or experienced in your lifetime. Have you ever fallen victim to such scams? If yes, when you look back, did you sense that gut feeling not to proceed or do due diligence but you still went ahead and invested your hard-earned money? Sorry for your loss. We have all lost money in one way or another, if you haven’t yet, take the pointers we will talk about here. Investment strategy One principle question you should always ask yourself whenever you have an investment decision to make is; what is my motivation? Establish a motive, create a sensible investment plan and follow through with it. Some of the reasons could be to: Start or expand your business Create funds to build a dream home Build generational wealth Create funds for retirement Create a pool of accessible emergency funds or savings Make charitable donations Research and due diligence Let logic as opposed to emotions guide you in making that decision, and, confirm the accuracy of the information and investment value before committing. Research into regulations surrounding a product including taxation, charges, past performance, management of a company, and future strategy. Keep yourself updated with current affairs to ensure that you do not miss out on opportunities to leverage on an investment. Risk appetite. What is your risk appetite? Are you risk-tolerant (willing to take high risk for high returns?) or risk-averse (reluctant to take high risks/ prefer average returns with low risks)? We are living in changing times where the financial markets are ever-changing and controlled among other things by governments, speculation, demand vs supply, inflation, international transactions, and even recently global pandemics as we have witnessed. Ensure to weigh the risks relative to the costs, duration, and returns on the investment. Opportunity cost. Let me shed some light on this. Imagine your friends have been talking about taking an exquisite vacation to Lamu. Are you willing to give it up because you heard about this lucrative piece of land that has just been offered at a discounted price and the amount could go into buying the land? Now, the opportunity cost of buying the piece of land instead of taking the vacation is the cost of the vacation. This brings us to the question; could you be missing out on alternative investment options while sticking to the current ones that may not be as progressive? Time and time value of money Time is always of the essence when it comes to investment. How long are you willing to lock up your investment to make your target or desired goal in the short or long-term? Investments should also be able to mimic your ideal portfolio and timeline. The value of money erodes with the passing of time, ensure that your investment is earning a return and of course within reasonable limits and risk. Also, the earlier you start investing, the more you reap and the better it is for you to be able to compound your earnings. Investment capital. There is no gainsaying that this determines your choice of investment. However, this does not mean that you should limit yourself e.g. those with low investment capital may look at collective investment schemes e.g. Unit Trusts, Chamas (investment groups), etc to invest in securities where the minimum investment amount might be limiting to individuals. Nowadays you can also take advantage of financial help and offerings such as loans, letters of credit, trade finance, asset finance, and many more options. Take your time to understand the terms, conditions, and risks involved as well. Always make informed decisions. You can always seek professional assistance where necessitated. Remember, “An investment in knowledge pays the best interest.” ~Benjamin Franklin. You can now confidently walk into February ready to make an informed decision to invest in that business or opportunity. All the best! We are on your side!

E-commerce measures merchants should take to protect their customers from frauds

Hey, hope your well. From my end all has been well… Last week as I was making a purchase online, It occurred to me how e-commerce sites make purchasing products so easy and convenient yet they can also be a gateway to fraud.

Come to think of it, there has been a lot of public awareness and sensitization on how to protect oneself from cybercriminals. However, the question is, when it comes to online shopping, what can ecommerce merchants do to protect their customers from fraudsters? In as much as e-commerce sites have multiple security features on their sites, some of the red flags to watch out for include:

- Multiple declined transactions, especially in cases where the user keeps on entering the wrong card details or there are insufficient funds… It may be common for a customer to enter wrong card details once or twice but anything more than that should raise eyebrows.

- Multiple orders from multiple credit cards from the same user within a short period of time.

- Multiple shipping addresses. The buyer makes multiple purchases under the same billing address but ships products to multiple destinations. A merchant can seek authentication from such a shopper just to be sure that this is not a fraudulent activity.

- Large orders from a new country/ location: From your previous data you’ve never received site visits or purchases from a particular country then all of a sudden there is a string of orders from that country. Do a careful assessment before you allow the purchase process to continue.

- Multiple orders originating from multiple geographic locations and different IP addresses within a short period of time. E.g. a customer always makes a purchase from Nairobi from a specific IP address but you notice a purchase origination from Mombasa from a different IP address.

- Transaction value outside of a customer’s profile. For instance, customer who on average spends Ksh 50,000 on his purchase then all of a sudden makes a purchase order of ksh 700,000 should be considered suspicious.

- Inaccurate data: You may find the customer’s email address doesn’t match the IP address or the zip code doesn’t match the country.

- Multiple transaction over short period of time. A customer making back to back purchases in a day or two should be treated with suspicion. The merchant should contact the buyer just to ascertain that the purchases are indeed legit.

These are just but a few red flags indicative of fraud that a merchant should pay attention to. Remember that as you enhance your site’s security features, cybercrime is also evolving. Therefore, always be on the lookout for such suspicious activity and where necessary put in place mitigating controls. These may include withholding suspicious purchases and additional identity verification of customers via one-time passwords to the customer’s registered contact information.

As I conclude, fraudsters prey on loopholes to make their kill. #KaaChonjo and help protect your customers from cybercriminals.

Yours faithfully

IMBA