The Tribune

By YOURI KEMP

Tribune Business Reporter

ykemp@tribunemedia.net

Bahamian companies and individuals have been urged to adopt the “not if, but when" approach to combating hacking and other cyber crimes by a senior Central Bank information technology (IT) official.

William Gilbert, the financial regulator's information security office administrator, told a webinar organised by the Utilities Regulation and Competition Authority (URCA) that “cyber security hygiene” measures were assuming ever-increasing importance given that many persons are working remotely due to the COVID-19 pandemic.

"Our reality today is not if we will get hacked, but when we’ll get hacked," he warned. "This is a scary fact for a lot of persons to accept. Could you really imagine your identity being stolen, or perhaps your life’s earnings being wiped out in mere minutes from your secured bank account?

"As an individual with a cyber security background I must say that those very same scenarios have happened - and I suspect will continue to happen - especially during these trying times.”

Mr Gilbert added: “Cyber security hygiene refers to the steps that users, or computers and devices, take to maintain system health and improve online security. But why, exactly, is cyber security hygiene necessary, especially during the COVID-19 pandemic? Cyber attacks have increased drastically, and have become more sophisticated within this season.

“The amount of emails about COVID-19 has increased by 667 percent since the end of February 2020. In one week alone in April, Gmail reported seeing 18m daily malware and phishing emails related to COVID-19.”

Mr Gilbert said that despite these alarming numbers, there are measures persons can take to improve their cyber security hygiene practices. He added: “One of the best defences against cyber attacks, inclusive of phishing, is cyber security awareness training.”

He also recommended that persons use a secure password while surfing the Internet, which should never be shared with anyone and changed every six months.

"Social media has changed the way in which we communicate, but it has provided a platform where hackers would have all of the information they need to target you," Mr Gilbert added. When using social media, he urged persons to “think before you post, and don’t post things like your location, travel history, specific information about your family and your place of employment. Lastly, but not least, privacy. Make use of the built-in privacy settings on all of your social media platforms.”

Royann Dean, head of the Bahamas Chamber of Commerce and Employers Confederation's (BCCEC) digital committee, said: “We know that from when the pandemic hit The Bahamas in March there have been a lot of changes, and it resulted in many of us having to work from home or work from a more flexible workspace. I think it is safe to say remote working will be here for a while."

Ms Dean said the “starter kit” for working from home is a stable Internet connection, plus a network that keeps data in a secure space where it is not easily visible. She also called for “noise cancelling headsets” when working from home to cancel out any background noise.

"It’s critical to maintain the productivity of your team when they are working in separate spaces," Ms Dean added. "So the first tip is to manage expectations around how your team will work. Discuss your normal working hours, discuss the reply times and how long is it OK before people reply. How should they notify when things are not going to be done as expected?

"Get your team organised with productivity software. Software like MS Project, Asana, Monday and Wrike. Help to set schedules, track progress and assign tasks and deadlines. Consider video conferencing software to have regularly scheduled meetings”

Ms Dean said “staying connected is crucial for working remotely”, and added: “My first tip is to use software that allows messaging within teams. For example, Slack, Asana or Basecamp. Also establish consistent one on-one meetings, weekly reviews and daily warnings or end-of-day check-ins.

“Small businesses have been experiencing an increase in cyber attacks, and it’s crucial that we keep data safe when we are not working in the same space. The first thing is to let your technology team set cyber security goals and Internet controls.

"That means identifying which systems will be protected, knowing how many people are end points for the data, identifying where your data should be stored and keeping your data internal to your network if possible.”

Ms Dean also warned against using Universal Serial Buses (USBs), as these connectors have a very low security threshold and are “perfect” for spreading malware on a computer.