How well are you equipped for handling cyber threats to your business? Take the quiz below to test your knowledge on cybersecurity.

You just received an email from a client telling you to attend to an urgent financial matter with a link to help you.

Do you… ?

a.) Click the link provided to sort out the problem as quickly as possible.

b.) Delete the email because all emails like these are scams.

c.) Carefully assess the sender address and content, and contact the sender via a previously used channel.

There are many cybercriminals out there who are intent on gaining access to company secrets and sensitive information. Whenever an email reflects a sense of urgency and demands immediate action, it is usually a good time to pause and assess all the facts. Fraudsters are known to use seemingly legitimate addresses that mimic real email addresses to lure individuals into clicking malicious links and giving away sensitive information. Whenever you receive an email with an unsolicited link or that presents itself with great urgency, it is best to contact the sender through a known channel to ascertain whether or not their request is legitimate (most of the time it will not be). Be vigilant to avoid this kind of cybercrime known as ‘phishing’.

A strange pop–up just came onto your browser window.

Do you … ?

a.) Reach for the“X” (close)button and click it as quickly as you can.

b.) Inspect the pop-up without clicking anything, and exit the website if the pop-up is unexpected.

c.) Just click accept because you don’t believe that pop-ups can harm your computer.

There are many websites that run scripts that are malicious or have the potential to be malicious. While it may feel instinctual to just reach for the first sign of an exit button, be wary not to click on a malicious link. Many illegitimate and fraudulent ads, pop-ups, and notifications exist on the web that mimic legitimate messages. Always inspect a pop-up and if it is unexpected (especially if it relates a sense of urgency) it may be best to exit the website altogether. Many aids, such as anti-virus and anti-malware software, exist to help users identify bad or potentially hazardous sites.

You’re setting up a new computer and new accounts for an employee.

Do you … ?

a.) Only install the operating system, and give your employee easy to remember passwords like 123CompanyName and trust the basic pre-set antivirus software

b.) Set up the computer with all relevant software, already-strong passwords, and premium security software?

Whenever you set up a computer for an employee or set up new accounts for your employees, it may be tempting to simplify the process. However, making sure that you uphold a high level of security from the start is vital to ensure maximum protection. Set up new accounts with strong passwords that cannot be easily guessed and contain an array of lowercase, uppercase, numeric, and special characters. While pre-set antivirus programs like Windows Defender are not completely useless, they cannot provide the same level of security that dedicated anti-virus software can.

You’re working away from home and find yourself seated in a coffee shop.

Do you … ?

a.) Connect upto your own mobile router because you think that is the safest option

b.) Connect to the first available open Wi-Fi network with a name like FREE WIFI

c.) Use a VPN before connecting to any network in the public space

d.) Buy a coffee and just people-watch because you can’t work safely from a coffee shop

Open Wi-Fi networks are extremely dangerous as they have no protocols in place to prevent anyone from reading the data shared on the network. It is not advisable to connect to an open network, and where open networks are used, make sure that they are legitimate (in the scenario above, you might ask a waiter for the coffeeshop’s Wi-Fi name and password – if the Wi-Fi is password protected) and use a VPN program to encrypt the data sent from and to your device. It should be noted that although VPNs are largely effective in hiding data from cybercriminals, it is not a failsafe as there may be delays in the connection between the network and connection to the VPN (in which your details could be briefly exposed). It is always best to use a trusted network.

A new employee has just joined your company.

Do you … ?

a.) Educate them on things to look out for online and teach them to practice online safety

b.) Let them read through a policy and hope they understand the security measures that you have in place

c.) Trust them to know good security practices because their generation knows internet security a lot better

Proper cyber-security in your business relies on adequate training and retraining — regardless of age and experience, you cannot rely on the new employee to be aware of all the security threats that your business may face. While online safety policies may provide guidance and give you a method of keeping employees accountable for digital safety, it doesn’t physically provide that safety. Always keep educating and retraining your employees (even established ones) on cybersecurity practices, thereby establishing a company-wide reverence for digital security best practice.

Your employee does not have a personal computer and wants to use their work device for personal purposes.

Do you … ?

a.) Tell them that the device is only for work purposes and is not to be used for personal tasks, leaving them disappointed

b.) Avoid being a spoilsport and let them go to town with the device

c.) Tell them that it’s okay to use it for personal tasks as long as they take strict security measures

Even if you want to exude a ‘cool’ attitude and have your employees like you, letting them use work devices for personal use is highly irresponsible. If you do not set strict boundaries regarding the use of company assets, you open up yourself and your data to a world of unnecessary risk. Even if you have the utmost faith in your employees, you should always designate company devices for strictly professional work. You may also want to add administrator privileges to ensure that your employees are unable to install/uninstall any software that you have not authorised.

[Answer key: 1.c, 2.b, 3.b, 4.a (or c), 5.c, 6.a]

This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your financial adviser for specific and detailed advice. Errors and omissions excepted (E&OE)

This article focuses on primarily whether the police may search a person without a warrant of arrest. On the face of it, it would appear that the search and seizure of a person and premises are in contravention with the Bill of Rights, more specifically section 14 of the Constitution of the Republic of South Africa.

With the enactment of the Constitution, there have been a number of constraints on search and seizure powers by police officials. Section 14(a) of the Constitution specifically protects the right not to have a person or their home searched. A person’s home, it is widely accepted, constitutes the highest expectation of privacy. According to section 36 of the Constitution, rights in the Bill of Rights may be limited by a law of general application, if the limitation is reasonable and justifiable in an open and democratic society based on human dignity, equality and freedom.

The Criminal Procedure Act allows the police to search any person or any container or premise of that person without a search warrant. It also allows the police to seize any article reasonably believed to have been used to commit a crime or that is reasonably believed to be evidence that could assist the state in proving that an offence was committed. This can be done only if the owner gives consent for the search or if the police officer has reasonable grounds to believe that a search warrant would have been issued and a delay in conducting the search would have defeated the purpose of the search and seizure operation.

What this essentially means is that a police officer can search you personally or can search your car or house even when no search warrant was obtained and even when you did not give permission for such a search. However, such a type of search without a warrant can only be executed where there are reasonable grounds to believe that a search warrant will be issued to the relevant police official should he apply for it and that the delay in obtaining such warrant would defeat the object of the search.

According to the relevant case law, a police officer must have a reasonable suspicion that a person committed an offence or that a person is in possession of an article used or to be used in the commission of an offence. A mere assertion by a police officer that he or she had such a suspicion without any evidence to back it up will not do. This means that where a police officer stops you in the street and decides that you are a drug dealer merely because of your appearance, he or she will not be able to merely argue that there is a reasonable suspicion that you committed an offence or are in possession of an article used in the commission of an offence and, hence, will not be entitled to search you.

In terms of the South African Police Act 68 of 1995 the National or Provincial Commissioner may where it is reasonable in the circumstances in order to exercise a power or to perform a function of the service, authorise in writing a member under his command to set up roadblocks on any public road. Any member of the South African Police Service may, without a warrant, search any vehicle at such a roadblock. However, such a search without a warrant in a roadblock may only be conducted upon the written authorisation by the National or Provincial Commissioner of the South African Police Service.

It is of paramount importance that a police official exercise his or her discretion in conducting a search without a warrant carefully and does not infringe a person’s right to privacy as entrenched in section 14 of the Constitution. It is also important to note that a search and seizure by a police official must be reasonable and justifiable in terms of the Constitution.

Reference List:

The Criminal Procedure Act 57 of 1977
The South African Police Service Act 68 of 1995
The Constitution of the Republic of South Africa,1996
Geldenhuys T,The Criminal Procedure Handbook, Juta, August 2010

Test your knowledge on cybersecurity

Can the police search a person without a warrant of arrest?