Smells Phishy – Financial Phishing Awareness and Prevention

If you have used email or browsed the internet, at some point you have probably come across a warning about phishing. Particularly within Africa, where the vast population has never had any real first-hand experience with online fraud, these warnings often go ignored due to a lack of awareness of the real danger of cyber fraud. Unfortunately, that means this corner of the world is ripe with opportunity for criminals to take advantage of our people’s complacency.

Phishing targets individuals and institutions, and data shows that financial institutions tend to be disproportionately attacked. This makes some degree of sense: fraudsters are typically after money, and what better place to access it than the source itself? Despite this, some financial institutions still believe their downloadable computer security software is sufficient. However, hackers of the calibre that goes after financial institutions can easily get past the firewalls and other security features that basic software offers. This is not to say that basic software is not useful; for a personal-use device it should be enough. But for institutions that manage millions and are responsible for other people’s money, the probability and consequences of these attacks really should not be ignored. Through this post we hope to help you better understand the very real risks of financial phishing.

While many of us have come across phishing warnings and have deduced that it is some type of cybersecurity issue, some people do not know what it actually is. Phishing is the fraudulent collection of personal information through websites, emails or SMSs that appear to be legitimate and that request details such as account details, bank card numbers, etc. Hackers then use this information to access bank accounts, make transfers and perform other unauthorised transactions.

Over one third of phishing attacks target financial institutions, and banks and their customers have lost billions as a result of falling prey to these scams. The direct monetary losses can be massive, but the consequences go well beyond that. As a financial services provider, one of the most important assets you have is your clients’ trust, and once that is compromised it is extremely challenging to regain. A cybersecurity breach of this nature can cause irreparable reputational damage and, as if the loss in potential business is not enough, you may also have to deal with legal processes and fees.

All of the trouble that successful phishing attacks can cause is just not worth it, and it can be avoided. The first step is to ensure that adequate cybersecurity systems and personnel (whether internal or external) are put in place, are consistently updated and are versatile enough to adapt to the ever-evolving skill sets of hackers. The second step is to educate your staff about the danger of cyber-attacks, including but not limited to phishing. This is an extremely important step that most organisations overlook. Data shows that, of the 36% of breaches that are not found by the cybersecurity professionals who hunt for them, 72% are flagged by non-security staff. These numbers are telling: as important as cybersecurity experts are, it is equally important to train staff to be vigilant and to know how to identify a threat, and to have clear procedures in place for reporting and managing those threats.

Though experts such as Baker Tilly Digital can provide the necessary cybersecurity services to protect your financial institution, coming as close as possible to being fully protected requires a concerted effort from everyone in the organisation. “It has never happened to us” is no excuse for lacklustre cybersecurity. Perhaps it simply has not happened to you yet, and you do not want to be caught on the wrong side of the fence if a breach does occur. The difference between a catastrophe and manageable losses is preparation and mitigation – as the saying goes, prevention is better than repair.