Quishing – Bypassing Phishing Security Measures

The Growing Threat of QR Code Phishing

QR codes have become an everyday feature of transactions, providing one click access to websites, product pages, and social media accounts. But with this convenience, a new cybersecurity threat has emerged: quishing, or QR code phishing. 

This criminal technique involves hackers embedding malicious URLs in QR codes to trick users into compromising their personal or company data.

Here’s a look at the ins and outs of quishing and how to use QRs safely. 

Cracking the code: how hackers create fraudulent QRs

QR codes are all over the marketplace, from restaurant menus to payment systems, and even multi-factor authentication. However, their widespread use has also made them an appealing tool for attackers. 

Unlike traditional phishing emails, quishing bypasses many email filters and firewalls because the malicious link is hidden within an image rather than plaintext. This makes it harder for legacy software to detect and block.

  • A typical quishing attack usually involves a scammer placing a fake QR code sticker over a legitimate one. You may even find one on a  parking meter, ATM, or restaurant table.
  • When scanned, the QR code directs the victim to a fake website that looks legitimate, prompting them to log in, make a payment, or enter sensitive information. 
  • In the worst case scenario, the QR code might trigger the download of malware that compromises a user’s entire device.

Quishing is especially dangerous because of  the high level of trust that users have when scanning a QR code. Many of us don’t double check QR codes the way we do suspicious links or attachments, opening the door to opportunistic attacks. 

This complacency, combined with a lack of visual cues about where the QR code leads, increases the risk of falling for these scams which are becoming more prevalent across SA. 

How to use QRs safely and avoid quishing 

As cybersecurity experts, we recommend several best practices to reduce the chances of a quishing incident: 

  • Know Your QR. Always verify the source of a QR code before scanning it.
  • Educate Employees. Raise awareness about the risks associated with scanning unknown QR codes, especially those received via email.
  • Use Advanced Email Filtering: Email security solutions that can detect and block emails containing malicious QR codes are essential today. 
  • Make Secure QR Code Scanners Mandatory: Direct the use of QR code scanners in your office that can preview URLs before opening them, helping to identify potentially malicious links.

Stay ahead of quishing attacks with secure cloud storage 

As technology evolves, so do the methods used by cybercriminals. To stay a step ahead of them, businesses should ensure that their data is fully backed up and encrypted, and that’s where our cloud storage packages come in. 

Click the button below to explore our range of data protection solutions for businesses of any size. 

Learn More

Microsoft Email Security – Online Backup

Microsoft doubles down on email security

Email continues to play a central role in South African business communication, with 24% of local consumers  still preferring emails over call centres and chat support in 2024. Unfortunately, that also makes it a primary target for cybercriminals.

In response to rising cyberthreats and phishing risks, and hot on the heels of recent changes by Google and Yahoo, Microsoft is stepping up its security game. The company has announced major enhancements to its email authentication requirements for large volume email senders, signalling a broader industry shift toward more secure, verified communication across the board.

Here’s a look at the upgrades to Microsoft email delivery and what they mean for your business communications.

SPF, DKIM and DMARC Explained

The core of Microsoft’s update comprises three essential protocols: SPF, DKIM, and DMARC. While they aren’t new technologies, Microsoft’s reliance on them reinforces just how vital they’ve become. But what do they mean?

  • SPF (Sender Policy Framework) specifies which servers are allowed to send mail on behalf of your domain.
  • DKIM (Domain Keys Identified Mail) adds a cryptographic signature to each email to verify it hasn’t been tampered with when it arrives.
  • DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on SPF and DKIM, giving domain owners visibility and control over unauthenticated messages.

Together, these protocols dramatically reduce the risk of spoofing and phishing: two of the most common email-based threats businesses face today.

Email Risk Reality Check

Protocols won’t help if you’re still sharing your email address

Microsoft’s focus on external protections is great news for business email users, but there’s another vulnerability that often flies under the radar: shared email accounts.

If your staff still share your mail accounts, they’re not alone. The practice is still surprisingly common in many small and mid-sized businesses, and it’s a major security weak spot.

  • When multiple users access a single account, it often leads to simple, widely shared passwords which are an open invitation to hackers.
  • With shared accounts, there’s no clear accountability. If something goes wrong, including compromised data and sensitive file leaks, tracking the source becomes difficult.
  • Since shared accounts can be used by several people across devices and locations, they’re more susceptible to phishing attempts and misuse.

Discontinuing shared accounts should be priority number one for every business. 

The next step is to assign individual accounts with strong passwords and multifactor authentication. These simple changes can make a big difference when it comes to preventing cyber incidents.

For businesses looking to take their security to the next level, cloud-based solutions are an ideal final step. Not only do they support modern authentication protocols, but they also offer robust, scalable storage that keeps your data safe and accessible both in the office and remotely.

Ready to secure your emails and files?

We’re ready with a one click solution

Email security is no longer optional. With Microsoft leading the charge, now’s the time to review your setup, tighten up internal practices, and upgrade to smarter tools like Acronis-powered Total Data Protection to secure your critical data, be it on-premises, in the cloud or a hybrid environment.

Click the button below to explore our cloud storage packages and start building a safer, more efficient digital workspace today.

Find out more

Data Ownership – Cloud Backup


Who Really Owns Your Personal Data?

Cyberattacks and data leaks make headlines almost weekly, leaving internet users in South Africa and around the world concerned that their personal information may be at risk. 

Investing in high-end digital security, including secure cloud storage, is a great way to keep your information safe.

But have you ever considered the possibility that what you think is your data might not legally belong to you at all?

South Africa’s Protection of Personal Information Act (POPIA) offers wide-ranging protections for privacy and sensitive data. However, one thing it does not do clearly is define ownership of personal data.

Legal expert Professor Donrich Thaldar from the University of KwaZulu-Natal recently published an extensive research paper on this issue, with a simplified version appearing in media reports. 

According to Thaldar, POPIA regulations (which are situated at the intersection of privacy and property law) present a complex web of rights and obligations. 

This legal obstacle course must be navigated by both the originators of sensitive information and those who think they own it, in order to establish any rightful claim to the data in the first place.

The Legal Ambiguity Around Data Ownership

The word ownership is usually associated with some kind of property, be it a business, a home, a vehicle, or financial assets like cash and investments. 

For tangible assets like these, property law lays out the rules for possession, trading, and consequences for unlawful acquisition through theft or fraud. But when it comes to data, the legal waters become murkier. What kind of asset is it, exactly, who does it belong to, and who can claim it?

Thaldar’s research explores the dual nature of data, as both a type of information and a form of property that can be owned, sold, or stolen. 

The study points out that POPIA doesn’t provide an explicit definition of data ownership, a fact that further complicates matters.

  • While POPIA is extremely detailed when it comes to data protection, distribution, and the penalties for mishandling personal information, it remains vague on the issue of who actually owns that data. 
  • According to Thaldar, data in its raw form-as information – likely cannot be owned by any one person, just as no one can claim ownership of the entire ocean. 
  • However, a specific instance of data like a file created by an individual or organisation can be viewed as a unique item of possession. This is similar to someone owning a single bottle of water, rather than the ocean itself.

The Impact on Your Data Security and Bottom Line

The ambiguity around data ownership has real implications for organisations that generate data containing client information. 

Does the data belong to the company, since it created the file? Or does the client have a claim to it, because the file contains their personal information?

While POPIA clearly states that individuals have a right to data privacy and that companies are obligated to take reasonable steps to secure this data, ownership of the actual file or dataset may still reside with the company that created it.

As with many newer laws, a clear legal definition of data ownership under POPIA may only emerge once the matter is brought before a higher court. 
In the meantime, both companies and individuals need to remain vigilant and take steps to ensure that sensitive data doesn’t end up in the wrong hands.

Find The Perfect Solution For Your Business Data  

With cybersecurity incidents on the rise and hefty fines or even jail time associated with violations of POPIA, every South African business should make the protection of its sensitive files a top priority.

Our range of secure cloud storage solutions, including Total Data Protection, can help your business stay safe and compliant.  Click the button below to learn more.

Learn More

Reliable Cloud Backup – Soteria Cloud

Ensuring Data Integrity with Reliable Cloud Backup Solutions

What’s the biggest threat to company data? Most internet users would probably say hackers or cybercriminals.

While there’s no denying that digital theft and fraud pose serious risks, a surprising number of data breaches are frequently caused by something far more mundane: misconfigurations and simple human error.

As technology evolves, with new applications and protocols introduced every year, the risk of incorrect settings creating vulnerabilities continues to rise. 

Fortunately, a robust and secure cloud backup solution can help protect your data – even if your system settings aren’t flawless. Let’s explore the dangers posed by internal vulnerabilities and how a secure cloud storage service can reduce your risk.

How Internal Vulnerabilities Threaten Data Integrity

If your business data isn’t managed according to best practices, you’re effectively making life easier for cybercriminals. There are three common issues businesses need to be aware of:

1. Human Error

Regardless of how sophisticated your cybersecurity software is, human error remains one of the leading causes of data breaches, particularly in an era where social engineering and other attack types are on the rise. 

Cybercriminals often trick employees into revealing sensitive information or login credentials. But even without malicious intent, simple misconfigurations can create gaps in your system’s defences, exposing your business to attack without anyone realising it.

2. Malicious Insiders

In more serious cases, employees may intentionally leak sensitive information or pass credentials to bad actors with intent to harm the company. 

This type of threat intersects both cybersecurity and HR policies and can result in legal disputes or even criminal charges. However, by the time these cases are discovered, the damage to your business may already be significant.

3. System Failures

Not all data loss is the result of human behaviour. System failures, software bugs, hardware issues, and configuration errors can all corrupt or delete critical data. 

This risk is further heightened by load-shedding, which increases the chances of sudden failures unless a secure, offsite backup system is in place.

4. Compliance Risks

With the introduction of the Protection of Personal Information (POPI) Act, all businesses that handle client data face increased regulatory pressure. 

The law is designed to protect consumers’ privacy, which is a positive step—but it also means that businesses must be more diligent than ever in how they manage and store sensitive information. 

Non-compliance can lead to heavy fines or even imprisonment, so it’s vital for managers and business owners to ensure they remain compliant.

The Case for Cloud Backup

Given the risks outlined above, it’s clear that operating without a secure data protection strategy is an unnecessary gamble. Thankfully, cloud backup solutions offer an affordable and effective way to minimise your exposure.

What to Look for in a Cloud Storage Package

1. Automated Backups & Versioning

Regular backups reduce the risk of data loss due to human error. Versioning enables you to recover previous copies of your files in the event of accidental or malicious changes.

2. Encryption & Access Controls

Data should be encrypted both in transit and at rest to prevent unauthorised access. Strong access control policies ensure only authorised users can view, edit, or delete backups.

3. Redundancy & Geo-Distributed Storage

Your data should be stored in multiple, geographically distributed locations. This ensures availability even if one server goes offline and protects against local disruptions, cyberattacks, or load-shedding outages. 

You’ll find all of these features and more in our range of secure cloud backup solutions designed for businesses and budgets of all sizes.

The Tangible Benefits of Secure Cloud Storage

Choosing one of our trusted cloud backup packages, especially Total Data Protection, offers real peace of mind, with key benefits including: 

  • Ransomware Protection: Backups enable fast file recovery, even after a cyberattack. 
  • Regulatory Compliance: Stay aligned with POPIA, GDPR, and ISO data protection standards. 
  • Business Continuity: Minimise downtime with rapid data restoration in the event of a loss. 
  • Insider Threat Prevention: Recover deleted files and protect against malicious insider actions.

To find out more about our secure cloud storage solutions and ensure your business is protected, click below.

Get TDP

Cloud Misconfiguration Pitfalls | Data Breaches

Faulty Cloud Misconfiguration and Other Technical Errors

As the number of cyberattacks affecting South African businesses continues to soar, many IT specialists are coming to the realisation that it’s not only cybercriminals, but also faulty configurations and other technical errors that are to blame for data loss incidents.

It’s not uncommon for these technical errors to come to the fore in the aftermath of a cyberattack when the steps leading up to the incident are analysed. Unfortunately, by then it’s often too late.

Instead, we advocate a proactive approach, whereby companies study the most common configurations that have resulted in data loss at other businesses, and close as many loopholes as possible to avoid a similar fate.

In this article, we highlight some of the most common configuration mistakes that companies make, and how to correct them and pair these efforts with secure cloud storage before an incident occurs.

Unrestricted Ports and Services

Open ports are an open-door invitation for criminals to help themselves to your valuable data. Fortunately, resolving this issue is usually quite simple and provides a huge security boost without a large time or financial investment.

  • Leaving unnecessary ports open can provide attackers with entry points into cloud environments. 
  • Misconfigurations that result in unrestricted access to services can be exploited, leading to unauthorised data access or system compromise.

Excessive Permissions

Setting appropriate permission levels for team members can help prevent your data from falling into the wrong hands—even within the organisation. 

  • Multi-factor authentication ensures that only authorised users are able to access your network. 
  • Taking it a step further by assigning data and knowledge permissions only to those whose title and rank justify it is equally important.

Lack of Encryption

Failing to encrypt data at rest and in transit can expose it to interception and unauthorised access. Implementing robust encryption protocols is essential to protect data integrity and confidentiality.

  • Despite the rise in cyberattacks, a surprisingly large number of companies still do not have proper encryption protocols in place. 
  • This is especially dangerous for data that resides on file systems and user devices but has not yet been backed up in the cloud.

Migrating to a cloud-based storage solution that places virtually all newly created files in the cloud—using the latest data encryption technology—can help close security gaps and ensure that the most recent versions of important files are safe and accessible in the event of a cyberattack.

Consequences of Cloud Misconfigurations

The fallout from cloud misconfigurations can be severe, leading to financial, reputational, and legal damage to your business. Several high-profile cyberattacks have cost businesses millions in recent years.

On the global stage, American telecommunications giant AT&T agreed to pay $13 million to settle an investigation by the Federal Communications Commission (FCC) concerning a data breach that occurred due to a cloud vendor’s misconfiguration.

Closer to home, a report released in late 2024 indicates that companies in South Africa lost in excess of R350 million in the biggest data breaches of recent years. With the likes of

With Experian, Pam Golding estate agency, and several government agencies all having fallen prey to cybercriminals – and the Information Regulator warning that basic cyber safety measures, including security configurations, have not been taken in many cases—the potential risk of misconfigurations can’t be overstated.

The Importance of Regular Security Audits

Conducting regular security audits is vital to identify and rectify misconfigurations before they can be exploited. These audits should include:

  • Configuration Reviews: Frequently assessing cloud configurations to ensure compliance with security best practices, and making this part of company policy, can help detect weaknesses before they escalate.
  • Access Controls Evaluation: It’s essential to verify that access permissions are appropriately assigned, in line with “least privilege” allocations.
  • Vulnerability Scanning: Automated tools that detect vulnerabilities and misconfigurations within the cloud environment can save time and significantly reduce risk.
  • Incident Response Planning: A cybercrime response plan will help ensure that swift action can be taken in the event of a data compromise incident.
  • Secure Cloud Storage: Fully encrypted storage offers the ability to restore compromised data, even in a worst-case scenario.

Add an Essential Layer of Protection to Your Data with Secure Cloud Storage

Tightening your security configuration practices to make your data harder to access is a vital online safety measure — but it must be complemented by secure cloud storage to be truly effective.

Our range of data defence products for businesses of all sizes will help secure your data at a time when hackers are ramping up their criminal actions. Secure your data with us today.

Learn More

Estate Agency Data Breach – Cloud Backup Solutions

A Credit Bureau, an Estate Agency, and a Web of Cybercrime Intrigue

One of the country’s most prestigious real estate companies obtaining leaked customer information from the Experian data breach reads like a work of fiction. Yet this bizarre possibility is playing out in the media right now, with all parties involved scrambling to limit the damage to their reputations.

Real Estate Agency Pam Golding has been associated with luxury real estate in South Africa for decades, with the company successfully crafting a brand centred around exclusivity and the highest standards. 

However, a recent data incident concerning the company’s contact database is shining an uncomfortable spotlight on this well-known estate agent’s network and its potentially bizarre connection to last year’s Experian data leak.

Did property giant Pam Golding obtain information from a data leak?

One of SA’s best known companies’ handling of sensitive information was publicly brought into question recently when a cybersecurity researcher noticed a strange pattern of data ownership regarding their own email address.

The researcher, who is  extremely careful when it comes to online privacy, used a catch-all email address with various aliases when entering their information online – a practice that’s worth emulating in your own personal and business dealings.

So far, there’s nothing surprising in the story –  until you find out what happened next: the individual discovered that their email address had been compromised after Pam Golding revealed that a large chunk of its database had been subject to unauthorised access earlier this year, apparently due to stolen credentials. 

  • The perplexing aspect of this incident was that the individual had never provided Pam Golding with the alias email address they usually use online.
  • On further inspection, they discovered that the realtor had also sent them a direct marketing email several months prior, once again to the same address that had never been voluntarily provided. However, the same address had been part of the Experian data breach that affected millions of customers across the country. 

The awkward question that arises from all of this is: how did Pam Golding come to possess this email address, and how many other people’s personal information does the company currently hold without their knowledge? 

As cybersecurity experts, we can think of two possible explanations for what happened: 

  1. Pam Golding somehow obtained leaked personal information from the Experian data breach last year, or 
  2. Experian provided them with this information through official – if not legitimate – means.

As a reputable and large business, which is very much a household name across South Africa and even in neighbouring markets like Mauritius, it’s hard to imagine Pam Golding skimming the dark net for opportunities to buy leaked Experian data. 

The far more likely explanation is that Experian has been sharing the personal details of credit customers from its database with third parties for a fee. As such, it’s more plausible that Experian, and not Pam Golding, has serious questions to answer regarding the protection of personal data privacy.

Are credit bureaus doing a side trade in confidential client information?

The allegation that credit bureaus sometimes sell confidential information to other businesses may be disturbing but it’s not new. Dominic White, one of the country’s foremost cybersecurity experts, has been speculating for years that this is the case. 

Without accusing either organisation of wrongdoing, it’s not a far stretch to assume that something of this nature might have happened in a case like this.

Pam Golding declines to comment, citing POPI regulations

The media has reacted with an understandable measure of alarm in the wake of the Pam Golding and Experian accusations, and to date the real estate group has been tight-lipped about the details of the incident. It must be mentioned however, that Pam Golding took immediate steps to contain the breach, acting swiftly to secure their systems and removing all unauthorised access.

In an ironic twist, Pam Golding maintains that they’re unable to comment on any aspect of their clients’ data in order to remain in compliance with the Protection of Personal Information Act. 

This, despite the fact that obtaining sensitive customer information from a third party without the owner’s permission could likely constitute a breach of the Act itself.

Whatever the outcome of this embarrassing incident may be, the lesson for all businesses is clear: consumers are no longer willing to tolerate the mishandling of their personal information, and when companies are suspected of acting irregularly, the incident is likely to become highly publicised and do damage to their reputation.

Protect your data and your business reputation today

If this incident has given you cause for thought as to the best practices to follow in your own business when handling client information, we’d like to support you in creating a comprehensive data security approach that protects not only your information, but that of your clients. 

Our range of secure cloud storage packages, particularly our Total Data Protection offering, can help ensure that all customer information is kept safe and help you comply fully with POPIA. Click the button below to learn more.

Sign Up for TDP – Today

SASSA Vulnerabilities Report – Cybercrime

SA Social Security Agency Releases Report on Large-Scale Cybersecurity Breach

The South African Social Security Agency (SASSA) has released an in-depth report following a large-scale breach of its cyber defences last year which is alleged to have cost taxpayers an estimated R175 million. 

The findings raise serious questions about the cybersecurity protocols in place at government departments and suggest several key areas for improvement.

While the cyberattack on SASSA was significant, it was not unique. With organisations of all sizes increasingly falling prey to hackers and cybercriminals, the report offers valuable lessons that every organisation can implement. 

Let’s take a closer look at what happened, what the investigation uncovered, and how businesses can use this information to keep their own data safe.

Large-Scale Cybersecurity Breach Detected by University Students

When hackers breached SASSA’s defences, they helped themselves to an enormous sum of money which was ultimately financed by South African taxpayers. The hacking group N4ughtySecGroup, which claimed responsibility, alleged that the amount stolen exceeds R175 million. 

A troubling revelation for commentators and the public is that the breach wasn’t detected by the department itself. In fact it was first-year computer science students Joel Cedras and Veer Gosai from Stellenbosch University who stumbled upon it while working on a research project.

In the wake of their discovery, SASSA launched an investigation, with cybersecurity specialist Stanly Machote and auditing firm Masegare & Associates tasked with uncovering how such a critical security failure had occurred. 

The report, recently presented to Parliament, outlines the modus operandi of those responsible, though their identities remain classified.

  • The hackers exploited vulnerabilities in the Social Relief of Distress (SRD) grant system, which was introduced during the COVID-19 lockdown as a R350-per-month survival grant. 
  • The government later extended these payments as a form of universal basic income for struggling families. Unfortunately, due to the sheer volume of applicants, authorities appear to have been unable to track exactly who was receiving SRD payments or whether the recipients were legitimate.

In analysing how, when, and why the SRD system was compromised, the report commissioned by SASSA outlines the following vulnerabilities in the department’s security infrastructure:

  1. API vulnerabilities – No rate limiting allowed mass querying of ID numbers, exposing application statuses.
  2. Data exposure & fraud risks – Sensitive applicant details were accessible, and high application rates suggested possible identity misuse.
  3. Unauthorised applications & payments – Grants were linked to ID numbers of non-applicants, raising misallocation concerns.
  4. Unofficial websites & phishing threats – Fake sites collected personal data, leading to financial loss and compliance risks.
  5. Authentication & phone-related risks – Multiple applications per number, SIM swap fraud, and inadequate cellphone ownership validation increased fraud potential.
  6. Encryption & security weaknesses – Poor encryption, missing security headers, and weak content security policies left data vulnerable.
  7. System & server vulnerabilities – Weak portal security, misconfigurations, directory enumeration risks, and unencrypted communications exposed the system to attacks.

For tech experts, this list reads like a how-not-to guide for cybersecurity, highlighting just how much SASSA’s lack of basic security protocols contributed to the breach. A reliance on old technology made the system an easy target for cybercriminals.

The report’s bottom line recommendations are clear: a serious overhaul of the department’s cybersecurity framework is long overdue.

The Lesson for Businesses: Don’t Repeat SASSA’s Mistakes

It’s easy to criticise the government’s lack of cyber preparedness and see it as yet another example of inefficiency, but the reality is that many businesses- both large and small- suffer from similar vulnerabilities.

  • A full-scale cybersecurity audit may sound expensive, but for larger businesses storing vast amounts of sensitive client data, it could be a necessity rather than a luxury.
  • No matter the size of your business, one of the most cost-effective ways to strengthen cybersecurity is through secure cloud storage, fully integrated across all the applications your team relies on.

To learn more about our range of data security products, including our comprehensive Total Data Protection (TDP) System, visit our website today.

Cloud Backup for Business & Home

Get TDP Today

Cybercriminal Threat to SA – Cybercrime

South Africans Suffering at the Fingertips of Cybercriminals

It’s barely three months old, and already this year appears to be another troubling one in terms of cybercrime for South Africans. 

As SA retains its unwanted crown as the African continent’s biggest target for ransomware attacks, cybercriminals are becoming increasingly bold as they target major government organisations and corporations.

In this article, we lay out the facts surrounding the wave of online attacks facing the country and find out just what can be done to secure your personal and business data.

The worrying cybersecurity landscape in South Africa

Over the past decade, South Africa has gone from a relatively obscure target for cybercriminals to a region with one of the most active cybercrime activity levels. 

With ransomware attacks, phishing attempts, and credential theft on the rise, no business can afford to think that it’s safe from the malicious intentions of cybercriminals.

  • Despite accounting for less than 5% of Africa’s population, SA represents 40% of all cyberattacks carried out on the continent.
  • Client financial data, intellectual property, crypto wallets, and other valuable data are densely concentrated in South Africa’s relatively affluent and more developed economy, making it the ideal target for cybercriminals focusing on victims south of the Sahara.

In spite of reports of cyberattacks frequently appearing in the media, South African businesses remain inadequately prepared in the face of cyberattacks.  According to a 2024 security awareness report, organisations often rely on outdated antivirus software and rudimentary firewalls as their line of defence with inadequate online backup.

The extent of the country’s lack of readiness to deter cyberattacks has been on display again recently, with high-profile incidents affecting the South African Weather Service and National Laboratory Services over the past six months. 

As government struggles to secure its own data from hackers, small to medium-sized businesses are scrambling to establish data security protocols under the Protection of Personal Information Act (POPIA).

The good news: Cyber defence doesn’t require a multimillion-Rand budget

A common myth circulating in the SMB sphere is that cybersecurity is simply too expensive and complex to be practical for small businesses, and that hackers probably won’t bother with a small enterprise anyway.

Neither of these statements is factually correct. 

As business owners come to terms with the urgent need to beef up their online security, there are data security packages that can help substantially mitigate the risk of a damaging cyberattack and assist in data recovery if an attack does occur.

  • Small business owners who don’t have a technical background in IT are usually apprehensive about signing up for data defence packages that are overly complex and difficult to implement. 
  • At the same time, the current economic climate means that managers and owners are keeping an eye on costs. 

In this context, the ideal data security package is one that offers excellent protection, is easy to use for non-specialists, and can fit easily into a reasonable company budget.

Total Data Protection is a great fit for any company 

In response to the needs of business owners, Soteria Cloud has developed a total data protection package that offers next-level security powered by Acronis. Our solutions are easy to use, customisable for a variety of applications, and provide comprehensive data protection at a single competitive price. 

To learn more about our reliable data protection offerings, click the button below.

Get TDP


Cybersecurity Myths | Cybercrime

Cybersecurity Myths Busted: Separating Fact from Fiction in the Digital Age

The cybersecurity industry is a technical field that provides crucial data protection services to companies and households across the country. Like many highly complex services, a number of myths tend to circulate in the cybersecurity field and falling prey to them can be almost as damaging as a cyberattack itself.

In this article, we take a look at some of the misconceptions surrounding data protection, compared to the true reality of things based on the latest data, and suggest alternative approaches to enhance online security.

Cybersecurity Myth 1: An antivirus package is enough

While having updated antivirus software is an important part of cybersecurity defence, it is certainly not enough to repel today’s sophisticated online attacks. 

Social engineering, malware, and other types of unauthorised data access and theft often slip under the radar of antivirus programs, leaving your business exposed to major data loss and reputational damage. What’s more, outdated antivirus software can be a major risk for data breaches. 

Cybersecurity Myth 2: Cyberattacks don’t affect South African businesses

While South Africa faces significant cybersecurity threats, it is a global issue with widespread impact. However, given the huge potential for data loss and reputational damage, South African companies must be hypervigilant when it comes to cybercrime.

If this myth was ever true, it hasn’t been valid for a long time. As South Africa’s connectivity levels increase and are comparable to those of many advanced countries, the frequency of cyberattacks has grown significantly. 

In 2023, a Kaspersky report revealed that South African businesses experienced 300 cyberattacks in a single week, shedding light on the serious domestic cybercrime situation which has yet to improve. 

Cybersecurity Myth 3: Cyber defence is too expensive

If you think cybersecurity is expensive, the cost of not having it can be astronomical. Data
loss and corruption can cost a fortune in downtime, lost productivity, and reputational damage.

When client data is involved, the risk of POPIA Act compliance violations becomes very real. A number of organisations, including the Education Department which was fined R5 million over a Matric results data breach, have learned this the hard way.  

When compared to the potential costs of a cyberattack – ranging into millions of Rands – not to mention the fines incurred for failure to properly protect customer data under the POPIA Act, a monthly cyber defence package like our Total Data Protection offering is exceptionally reasonable.

Realistic solutions: how to keep your data safe

Now that we’ve busted some of the biggest myths about cyber defence, let’s take a look at some simple but powerful ways that your business can protect its data from cybercriminals.

Step 1: Limit access to sensitive files

Setting file permissions so that only users who absolutely need to access sensitive documents can view or edit them limits the potential number of employees that cybercriminals can trick into revealing sensitive data.

Step 2: Invest in professional-grade cyber defences

Secure cloud storage with advanced encryption technology and full customisability should be the benchmarks of any cyber defence system you choose for your business. By shopping around for the best suppliers, you’ll find that you can protect sensitive data without breaking the bank.

Step 3: Train your staff to become cybersecurity warriors

As cybercriminals increasingly target company employees to gain access to networks, every member of your staff needs to join the fight against hackers.

Investing in staff training for cyber risk management, so that your team is able to identify suspicious activity online and report it in time, could make the difference between a failed attempt to access your data and a huge, damaging data leak or cyberattack.

Find the solution that sets your business up for success

Not all solutions are equal, and not all are suitable for every company but there are a few questions you should consider in order to ensure that your security needs are fully met.

In asking the right questions you will be able to develop a cyber security strategy that is right for your business:

  • What regulatory or governance requirements do we need to adhere to?
  • Are we POPIA compliant?
  • What is our risk tolerance?
  • Can we afford the crisis our business would face in the event of a data breach?
  • How would this affect our employees?
  • Are we keeping our staff educated about cyberattacks?
  • Do we need cyber insurance to protect the company?
  • Have we made every effort to safeguard our data with reliable cloud backup and advanced encryption?

Soteria offers a range of affordable and cutting-edge cyber protection packages to meet the needs of any enterprise.

Head over to our services page for a full breakdown of our entire service offering, with rates tailored to suit every business.

Cyberattack Response Plan – Cybersecurity

The First 24 Hours: Your 7 Step Cyberattack Response Plan

Logging onto your device only to find that you’ve become the latest victim of the current wave of cyberattacks sweeping the country is one of the scariest moments for any internet user. 

When your data is on the line and time is of the essence, it may seem natural to panic, but that’s the last thing you should do. The first 24 hours following an attack is a crucial time window for limiting damage and restoring systems, and you’ll need a plan in place to respond effectively. 

By following the series of steps outlined in this article, you’ll be able to assess the scale of the damage, take proactive steps to mitigate data loss, and hopefully emerge from the cyberattack with all (or at least some) of your data and your company’s reputation intact.

How to React When Hackers Strike

The first thing to do after a cyberattack is to remain calm. Notify management of what has happened and start taking steps to assess and mitigate the damage by following this structured step-by-step incident response plan; Identify, Isolate, Notify & Protect, Analyse, Report, Reset, Protect.

Here’s what you need to do:

1. Identify the Attack

A ransomware attack typically starts with a message from the hackers, stating that your data has been compromised and providing further instructions, such as the ransom amount and how to pay it. 

Whatever you do, don’t even consider following these instructions until you’ve completed the next step.

2. Isolate the Affected Systems ASAP

Your priority following a cyberattack is to isolate the device or network that has been compromised. This means powering down and disconnecting the device from your network without delay. 

These steps may help to slow the spread of malware or ransomware to other devices in your organisation.

3. Notify and Protect Your Network

Alert key personnel such as your IT manager or outsourced networking consultant immediately. Once they are available, convene a “war room” with the IT department, management, and possibly legal and PR advisors to mitigate the potential damage to your network and your company’s reputation.

4. Analyse the Damage

There are several types of damage a cyberattack can cause: 

  • Financial damage from lost data and downtime
  • Damage to your computer network that may take time to restore 
  • Reputational damage that your business may suffer if the cyberattack becomes public knowledge. 

It’s important to realistically assess the worst-case and medium-case scenarios and start fixing the damage as soon as possible.

5. Report the Incident

Cyberattacks must be reported to the Cybersecurity Hub at the national CSIRT as soon as they occur. In cases where fraud is suspected or a large amount of customer data has been leaked, you may also need to report the incident to law enforcement authorities.

6. Reset, Patch, and Update

With the help of a trusted IT professional, reset your computer network, patch the vulnerabilities that allowed the attack to occur in the first place, and update your files with the most recent versions from your secure cloud backup. 

This will help you get your business up and running again. 

7. Post-attack security upgrade

Finally, be sure to remove any malware that hackers may have installed to gain access to your network and prevent similar attacks from taking place weeks or months down the line.

Implement a total data protection plan

To help ensure that your business is prepared for future cyberattacks, if you don’t already have reliable cloud backup and a secure data protection plan, this would be the time to upgrade your security.

Secure cloud storage, particularly comprehensive encrypted data storage solutions like our
Total Data Protection package, will help keep your sensitive files safe in the cloud.

Trust Soteria Cloud to safeguard your valuable data while focus on your core business. Get Total Data Protection today.

Find out more