How to protect your business from cybercrime

Cybercriminals are constantly on the lookout for their next victims. This is an important consideration if you’re moving your company’s operations online. While a digital presence is now an essential step in creating new business opportunities and stimulating revenue growth, it also comes with risks.

Data breaches, identity theft, hacked accounts, stolen financial information, stolen personal information and fraud are some of the dangers you face when doing business online.

How often does cybercrime happen?

Since the pandemic lockdown in 2020, more people work from home or do business online. Cybercriminals seized this opportunity to run some of the most sophisticated high-profile scams South Africa has ever seen. In 2020, according to Interpol, SA recorded the third-highest number of cybercrime victims in the world. A report in 2022 claimed that 52 of every million South African internet users become victims of cybercrime.

It’s more important than ever to take cybersecurity seriously, to protect your business and your customers from this threat.

Ways to protect your business

Don’t use public Wi-Fi networks for work. These are less secure and more vulnerable to attacks than a virtual private network (VPN). Businesses are investing in multi-factor VPN systems to secure online access to business information used by employees working remotely.

Antivirus software is essential. It can prevent criminals from exploiting security vulnerabilities on your device. Make sure that the antivirus software on all your devices is up to date and install the latest updates or patches to your operating system.


They may try to get you to click on an attachment that installs malicious software on your computer


Encrypt your data and back it up. Back up work-sensitive data safely, according to a data collection and storage process. Encrypt your data so that none of it can be accessed without your password.

Use multi-factor authentication. It’s safer to ensure that you always have multi-factor authentication enabled whenever you access business accounts or critical business systems. Nedbank offers second-factor authentication as an option for all your electronic banking, but if you’re a Nedbank Commercial Banking (NCB) client it is a requirement when you access the Nedbank Business Hub. From the hub, you can do account self-maintenance, apply for products and services, and access NetBank Business for domestic transactions and Global Transactional Banking for international transactions.

Practise up-to-date password management. This is key to good data security. Make passwords as complicated as possible and change them often.

Use digital signatures on all business or legal documents. Digital signatures are the most secure form of electronic signature to date, using public key infrastructure to ensure that your digital communications are encrypted and can only be unencrypted by a receiver with the right key. Several security software providers offer this technology in South Africa, and you can use it on invoices and other business or legal documents to keep your company, your clients and your suppliers safe from fraudsters.

Check cloud safety when using third-party providers. Most businesses use cloud-based solutions these days. Experts recommend that you obtain System and Organisation Controls Type 2 reports from any third-party providers maintaining cloud solutions that you use in your business. These reports are produced by the American Institute of Certified Public Accountants to examine service providers and identify any potential client risks.

Be aware of phishing, vishing and smishing

Phishing, vishing and smishing  are common scams in which hackers try to defraud you via email, phone or text.

When phishing or smishing, fraudsters might send an email or text that looks like it comes from an established organisation like a bank, trying to trick you into clicking on a link that will direct you to a fake website. This site will ask you to enter personal information, or your banking login credentials. Or they may try to get you to click on an attachment that installs malicious software on your computer to gain access to your personal banking details.


Rather follow your gut feeling – stop and verify before clicking on anything


If you receive a suspicious email, Nedbank Cybersecurity advises that you hover your mouse cursor over the email address to check the sender’s address and ensure that it is official and legitimate. Remember that banks and legitimate businesses will never ask you to click on a link in an email to share personal information such as login credentials or passwords. If you receive an email or text asking you to do so, it is more than likely a scam.

Vishing is social engineering through cellphones. Fraudsters will call you posing as bank employees and trying to trick you into disclosing your personal information. Adopt the following habits to counter these cyber threats:

  1. Do not blindly accept the content of unsolicited emails or SMSs as being the truth. If you are concerned about what is being alleged in these messages, verify the sender’s details through their website before contacting them to confirm the legitimacy of a message.

  2. If you receive a notification from a supplier or customer stating that their bank account details have changed, verify the new account details before making payment. We offer NCB clients an account verification service (AVS). This allows you to verify a recipient’s bank details before you pay them any money – another layer of protection against fraudulent invoices.

  3. Activate notification services on your business bank accounts to receive instant alerts about any changes in your account balance or status.

  4. Scrutinise your bank statements regularly for irregular payments and switch to digital statements that can be delivered to your email address daily.

  5. Do not reveal personal or financial information in any email or SMS, and do not respond to email requests for this information.

  6. Regard urgent security alerts, offers or deals as warning signs of a hacking attempt.

  7. If an email makes you feel anxious, fearful, curious or if it sounds too good to be true, rather follow your gut feeling – stop and verify before clicking on anything.

Nedbank is committed to helping you bank your business safely. You can also learn more about cybercrime related to credit cards.