22 Jun RANSOMWARE: PROTECT YOUR BUSINESS NOW!
“Every case involving cybercrime that I’ve been involved in, I’ve never found a master criminal sitting somewhere in Russia or Hong Kong or Beijing. It always ends up that somebody at the company did something they weren’t supposed to do. They read an email, went to a website they weren’t supposed to” (Frank Abagnale, security consultant and ex-conman, inspiration for the film “Catch Me If You Can”)
Cybercrime is always in the news these days, mainly because more and more companies are affected by it. Lately, ransomware has been the preferred weapon of scammers.
How does it work?
Typically, one of your employees gets an email with an attachment, and as soon as the attachment is opened, ransomware begins encrypting files and shuts down your computer systems or a crucial part of your business. Emails aren’t the only threat – increasingly, infected popups and links to fake websites are being used.
You then receive a ransom email demanding payment in either Bitcoins or via an EFT within 48 hours. If the amount is not paid immediately, the cyber criminals escalate the amount demanded. As for the size of the ransom, in two recent cases, for example, R25,000 was demanded. Sometimes a nominal payment will be requested at first, followed by further (and larger) demands once you pay up.
When the ransom is paid you are supposedly given passwords to restore your computer operations. In many cases however you are not given passwords even after you cough up the cash, and you are then open to continuing extortion – making it inadvisable to pay the ransom.
Businesses have responded to this by instructing all staff to delete any unfamiliar emails that contain attachments. In response, cyber criminals upped the ante by obtaining profiles of senior executives and sending “management emails” to staff instructing them to follow what is contained in the attachment. Thinking the email came from a senior executive, the staff member opens the attachment. Immediately, the ransomware kicks in…
Don’t risk disaster: How to protect your business
Using up-to-date anti-virus software with a firewall is a must and many businesses have encrypted their sensitive information. Educate and instruct staff not to open links in emails or email attachments, not to visit suspicious websites, to keep anti-virus software fully updated, and to disconnect from the Internet immediately if anything suspicious happens. There are also reports of scammers using popups so make sure everyone uses a reliable popup blocker. Circulate the FBI’s latest 8 point protection list in “FBI Warns the Public About Ransomware Internet Scam” on their website.
Most important is to do daily backups. If you get infected then the most you can lose is a day’s worth of transactions which can be quickly re-captured. In the above cases where R25,000 was demanded by cyber criminals, the businesses used backups to restore their systems and didn’t pay ransom.
Be vigilant, back up and use the latest antivirus software. Remember, technology keeps changing and so will cyber criminals.
JUNK STATUS I – HOW WILL IT AFFECT ME?
“Now is the winter of our discontent” (Shakespeare)
The first thing to rise would be interest rates. If you have a mortgage bond or have financed a car, your monthly payments will rise. As a rough example, a bond of R500,000 would cost R837 more a month if interest rates increased by 2.5%.
The next shock would be another slide of the currency, the reasons for which we discuss in the next article. The price of petrol will increase. This will come at a difficult time as it appears that the cost of crude oil is now beginning to move upwards and the Rand decline will magnify petrol price hikes – we could be looking at R1 per litre initially and then ongoing monthly petrol price hikes.
You will have noticed that petrol price rises lead to a variety of cost increases – from airline tickets to the price of food. Many of our basic foods (maize for example) are priced in dollars and this will lead to further cost pressure.
We have some militant unions at the moment and we can expect immediate demands for higher wages which will add to inflationary pressures.
All these cost increases will reduce economic growth and as the current growth rate is only 0.6%, there is a strong possibility the economy could enter a recession.
Thus, we could face a period of low or negative growth coupled with growing inflation, and a weakening currency resulting in more interest rate hikes. This creates potential for a debt default – those of us who remember 1985 will recall that interest rates rose to 25%. In the bond example above, this would translate into bond payments going up by more than R5,500 a month.
The average time it takes to recover from a downgrade to junk status is 7½ years.
We are already facing tough economic times – a drop to junk status will, as they say, put the country into a long “winter of discontent”.
JUNK STATUS II – AVOIDING IT IS MORE THAN GETTING ECONOMICS RIGHT
Since “Nenegate”, the country has been fixated on avoiding being reduced to junk status by ratings agencies. Three agencies control 95% of the market and with Moody’s we are two notches above junk but with Fitch and with Standard and Poor’s, South Africa is just one notch above junk status.
Being downgraded to junk will force up the cost of borrowing (debt financing is the fastest growing expense in our national budget) and will see another slide in the currency. This is because most foreign institutions are not allowed to buy or hold government debt if the country has junk status. So, if we are downgraded to junk status, foreign institutions will offload our bonds resulting in a sizeable depreciation of the currency. To borrow additional funds will mean paying higher interest to attract investors.
How do we avoid being downgraded to junk status?
It has been generally accepted that control of our budget deficit plus a return to economic growth are the things ratings agencies are looking for. Whilst they are looking at these factors, Moody’s raised another factor they consider to be important and that is the health of the nation’s institutions.
It is not just the obvious ones like Eskom, the Treasury and the Reserve Bank; ratings agencies also take an interest in the Office of the Public Protector and the Constitutional Court. They see the smooth functioning of these institutions as an essential underpinning of long-term economic health.
Equally important are the efforts by Minister Gordhan to create effective working cooperation between government and business to implement measures to avoid being downgraded to junk status.
Institutions like the Public Protector ensure democracy is vibrant and working. They keep a check on corruption (or at least ensure it is exposed and remedied) and protect fundamental rights (like property rights). The breakdown of these institutions has a close correlation with economic recessions or worse. Zimbabwe is a good example of this.
Assessing the risk
So when you are trying to analyse whether we are headed for junk status consider more than our economic outlook – see if the Public Protector’s findings are being followed, the laws of the country are being enforced and government and business work effectively together.
YOUR SME: KING IV CORPORATE GOVERNANCE CODE MAY APPLY TO YOU
The King reports over the last two decades have become locally and globally synonymous with good governance. To date the King Codes have had limited impact on small and medium enterprises (SMEs).
It is important to note that the King Codes are voluntary.
In terms of the latest King IV Report (it has been released for comment and will only be final once all comments have been considered) supplements have been released for various types of organisations to report on corporate governance. One of these supplements applies to SMEs.
How does King IV define an SME?
A company with at least 350 points in terms of the Companies Act’s Public Interest Score calculation is considered an SME.
The points are a combination of turnover (1 point per R1 million), employees (1 point per employee), third party liabilities (1 point per R1 million) and shareholders (1 point for each shareholder).
Thus, King IV seems to be looking more at medium sized entities than at smaller ones.
Why adopt these codes if they are voluntary?
Over the long term there is a strong link between sustainability and good governance. For example, good governance can help with getting access to finance and a well governed organisation will outperform the market in the long term.
What do the codes require?
The starting point is good ethical leadership – if an organisation has this, it invariably practices good governance – and thus the board of directors must lead in a responsible, transparent and fair way.
This foundation should apply to all businesses as the ethos of a business usually is defined from its early beginnings.
The composition of the board of directors should ensure it has the skills and independence of thought to effectively manage, control and report on its performance.
In order to ensure adequate control, the codes envisage that the board will govern:
- Risk and opportunity,
- Technology and information,
- Compliance with all laws,
- Fair remuneration policies,
- Good stakeholder relationships and
- Assurance that adequate control and reporting integrity are in place.
When implementing practices to comply with the King IV Report, the size of the organisation will dictate the resources to allocate to the codes. Thus, whilst a large company will have, for example, an audit and risk committee, your medium sized company may allocate say 25% of a director’s time to meeting the requirements set out in the Report. It is up to each organisation to use its judgement.
In your organisation’s annual report, there should be a section on how it is implementing the Report. Some templates are provided for in the King IV Report but these are not prescriptive.
Good governance makes commercial sense in the long run, so it is worth taking stock of where your business stands on this issue.
WARN YOUR EMPLOYEES ABOUT THIS NEW TWIST IN DEBT COLLECTION
It is estimated that nearly 80% of income for the poorer communities services debt.
In a bid to curb abuses in the debt collecting industry, legislation was introduced in 2015 that made trading in prescribed debt and collecting prescribed debt illegal.
Typically, what happened was unscrupulous agencies would buy prescribed debt for several cents in the Rand. They would add interest to this debt and service charges and would then zealously pursue these debtors.
This left an almost impossible cycle of debt for low income communities.
What is prescribed debt?
A debt prescribes if, for three years (this is the prescription period for most commercial debt but there are different prescription periods for e.g. instruments such as mortgage bonds) –
- No payment is made,
- The debtor has not acknowledged that a debt is owed, and
- The creditor has not summonsed the debtor.
Warn your staff about this new twist
The amendment that banned trading in and collecting of prescribed debt has a clause outlawing the collection of prescribed debt “where the consumer raises the defence of prescription or would reasonably have raised the defence of prescription had the consumer been aware of such a defence in response to a demand”.
Some debt collecting firms have begun highlighting this clause to debtors. Legally, this ensures the debtor is aware he/she can use prescription to void the debt. If the debtor then fails to invoke the prescription defence and agrees to repay the debt, then the agencies proceed to collect the debt.
The National Credit Regulator has reportedly stated that this interpretation is wrong, and although it hasn’t yet been tested in our courts, check that your staff are not subjected to it without challenge.