Cyber-crime, which encompasses online attacks and data hacks, is ever present and increasing in prevalence given that we work, live and operate in a largely digital-first society.
Naturally, COVID-19 has led to a huge shift towards working from home, meaning that companies and individuals are at even greater risk of being exposed to a data breach.
This is certainly true for smaller businesses and SMEs, whose IT infrastructure is likely to be less sophisticated than that of larger organisations and in some cases relies upon employees using their own laptops and installing their own firewalls.
The result is criminals taking advantage of these security weaknesses and an overall increase in cyber threats and risks throughout the course of the current pandemic, which is negatively impacting businesses on a mass basis.
Having your business become a victim of cyber-crime can lead to devastating results, such as lost profit margins, decreased productivity and a damaged reputation, at the very least until the issue is brought under control and rectified.
The Department for Digital, Culture, Media and Sport’s ‘Cyber Security Breaches Survey 2020’ revealed that almost half of businesses (46%) reported having cyber security breaches or attacks in the last 12 months, compared to 32% in 2019. This cost them an average of £3,230 in losses, and for medium and large firms the average amount was higher at £5,220.
This is why, when it comes to recovering post-pandemic, taking steps to protect your business against cyber-crime is essential for both your own future success and that of the wider economy.
Here, our AML, Financial Crime & Fraud Managing Consultant Andy Hodson provides practical advice you can take to mitigate the risk of a cyber-attack.
Invest in the right technology
Now is the time to invest in infrastructure. Virtual private networks (VPNs) are crucial as they ensure an encrypted connection between a device and a network, preventing unauthorised access and safeguarding sensitive information. With many employees using personal devices for work, businesses must ensure their workforce is keeping software up to date, only using secure Wi-Fi connections and regularly running anti-malware and anti-virus software checks.
Fraud protection
There are numerous COVID-related scams and malware campaigns currently doing the rounds which urge people to part with sensitive banking and personal information or download malicious files onto their devices. SMEs must ensure that all appropriate safeguards are in place. For example, businesses should work with experienced external partners to quickly, safely and securely digitise manual processes, including automating the monitoring and movement of cash flow.
This will guarantee a clear picture of finances at all times. Business owners should also ensure there are enhanced controls in place for any manual payments being made as this will help to mitigate fraud risk.
Provide training
Most cyber fraud attacks depend on human interaction. For a criminal trying to breach an organisation’s defences, the easiest target is its employees rather than its systems. Ensuring the workforce is trained about the various techniques fraudsters use is key. SMEs must ensure they have reinforced cyber safety policies and frameworks in place with staff and that they have been understood.
One common method is to make an urgent payment request that is unusual in nature, including, for example, changes to a beneficiary’s details. Requests like this should be checked over the phone before being processed, because criminals are becoming increasingly sophisticated in their MO, e.g. devising elaborate phishing emails.
With this in mind, be wary of emails, texts, calls or letters claiming to be from the likes of the Centres for Disease Control & Prevention, the Global Health Centre and the World Health Organisation. On account of people feeling the pinch in a financial sense and being genuinely concerned about the virus, fraudsters are leveraging the disease for email campaigns. They might include a link to an app which tracks the virus using a map, information about working conditions or policies, mortgage repayment holidays or rent relief and tax refunds or rebates from gov.uk or HMRC. These are just a few examples of areas being used to test the wits of an unsuspecting victim.
Be aware of potential mistakes
Often, cyber criminals will put pressure on an individual to act quickly and this sense of urgency can lead to poor judgement and mistakes. It is vital that staff are aware of the guises a scam could take so they know to pause and reflect on something that appears suspicious before reacting.
Payment scams can occur via fake emails, with fraudsters impersonating a senior figure within the organisation and requesting an urgent payment or confidential information. These requests tend to be sent to accounts department email addresses which can be easy to identify or guess, and aim to manipulate staff members into making a false payment to a supplier or partner, while keeping the transaction confidential to discourage further verification steps.
The process of invoice fraud involves a cyber-criminal telling a business that their supplier payment details have changed and providing alternative information that will ultimately defraud the company. It can be easy for fraudsters to research relationships between companies and their suppliers and even to find out or accurately estimate when payments are due. To avoid being caught out, changing the banking details of suppliers should always be approached with caution. In some cases, it is best to remove testimonials from websites or social media so it is more difficult to identify prospective suppliers which criminals could go on to impersonate.
Employees should be trained to look out for key signifiers that will show these emails as fraud, such as fake email addresses hidden underneath familiar names, emails encouraging you to ‘Click Here’ to carry out an action or any language that you wouldn’t necessarily use in your organisation such as ‘URGENT’, or someone writing in a tone unlike their usual self. It is also important to encourage employees to follow all processes correctly, to carry out full verification and checks to ensure authenticity before proceeding, and to flag anything that seems suspicious.
When it comes to data breaches, good preparation is key. Being aware of potential security weaknesses across your business and putting strategies in place to protect against them means that you can drastically reduce the chances of a detrimental data breach.
In summary, to avoid COVID-related crime SMEs should educate employees, ensure systems are robust, keep technology updated and automate manual processes.
To discuss your Financial Crime & Fraud recruitment requirements in more detail, please get in touch with Andy for a chat: ahodson@merje.com