In this informative, wide-ranging and insightful webinar, presented by LexisNexis, Mark Heyink leads a discussion with Miles Carter (Chairperson of the Law Practice Council Risk and Compliance Committee) and Kovelin Naidoo (Head of Cybersecurity at a major South African bank) on the topic of Business Email Compromise.
They discuss the prevalence and cost of international cybercrime and how it is run by organised crime as a business, resulting in great reputational damage and massive losses to companies and legal firms. They highlight the need for us to appreciate that the raw material of cybercrime is our personal information, and that criminals can and will obtain it using many sophisticated techniques such as buying databases, client impersonation, replicating company websites, phishing and using “mule accounts” (a particularly compelling example of how legitimate bank accounts are used to transfer money very quickly and widely, defeating the most robust fraud monitoring mechanisms which banks implement).
In understanding and combatting Business Email Compromise as the doorway to cybercrime, they suggest several solutions and initiatives that companies should implement. These include:
- Education – educating everyone about how inherently insecure email is, and the importance of learning about cybersecurity and implementing it correctly.
- At the very least using the latest, updated security software, not only on laptops and PCs within company networks, but also on mobile devices used by employees.
- Implementing two-factor authentication.
- Implementing the use of complex passwords and considering the use of paid-for password managers.
- Taking out cyber insurance.
- Using Advanced Electronic Signatures more widely.
- The adoption of a multi-sectoral approach by banks, the South African Police Force and other agencies.
- Using out-of-band communication to verify material transactions.
Mark was a member of the South African Law Reform Commission that researched and drafted the initial Protection of Personal Information bill and advised the Joint Parliamentary Portfolio Committee for Justice in finalising the bill prior to its enactment.
He also led the teams considering public comment on the Electronic Communications and Transactions Act and presented this comment to Parliament on behalf of businesses represented by KPMG in 2002.
He has served as a member of the National Cybersecurity Advisory Committee. He was invited to serve on an "expert group" convened by the Deputy Minister of Justice to review public comment, provide further comment and assist in the redrafting of certain provisions of the Cybercrime and Cybersecurity Bill.