Tuesday August 6, 2019

Alarming new scams businesses have been experiencing and how to mitigate risk

The National Fraud Intelligence Bureau estimated that businesses and individuals across Essex lost £6.5 million between April and September last year. With fraudsters continuing to become increasingly dexterous in their tactics, all business owners need to exercise even greater prudence.

Almost three quarters of UK businesses increasingly feel they are vulnerable to scammers, who they believe to be ahead of the game according to payment system, Vocalink. Despite one in five UK businesses recording attempted fraudulent attacks on their business, 22% still don’t have any processes in place to put up a battle against this threat.

Often, it can be as simple as management teams not knowing what to look out for. In most cases, the threats that companies face can be safeguarded against with some considered planning and process implementation.

There is a marked need for education when it comes to protecting businesses against fraud and cybercrime. There are a number of informative events and workshops hosted across Essex aimed at business leaders, designed to equip companies with the insight and toolkits they need to stay secure. For example, Essex Police Cyber Crime Protect Team and Essex Chambers of Commerce are hosting a cyber security workshop in Colchester this October.

Failing to protect your business could expose it to threats which result in financial and reputational difficulty, particularly as protecting data is a regulatory requirement, too. Acting early will help businesses avoid falling into distress.

Read the warning signs

Understanding the problem is half of the solution. The lack of awareness of the types of tactics expert fraudsters are deploying means that businesses aren’t in a position to fight back effectively. These criminals are continually evolving their techniques to stay one step ahead of the game and outwit businesses.

In order for employers to keep their workforce functioning, and proactively mitigating potential scams, it’s important to have an acute awareness of the current scams happening in your sector, location or indeed already taking place in the company.

Attempts at phishing, the practice of posing as a respectable company to obtain sensitive information such as bank details or passwords, increased by 65% last year according to the Enterprise Phishing and Resilience Defence Report.

This surge means that even more businesses are exposed to the possibility of private accounts and confidential information being stolen. And, it’s not merely the fact that these attempts are growing in number, these cybercriminals’ guises are progressively smart. Now, some attackers use this type of scam as a point of entry into a company to launch even bigger scale attacks.

Be wary of obscure email addresses if you receive a request for personal or business information. Often, fraudsters will labour over making an email identical to the company it is attempting to impersonate, but the disingenuous email address format and small errors will be a tell-tale sign that it’s not authentic.

Hacks like this are common amongst even the largest of companies, with British Airways suffering a data breach just last year. Personal and financial details of 185,000 customers who had made reward bookings were stolen by hoaxers.

Invoice fraud is also on the rise, with £93 million lost by victims in 2019, according to UK Finance. This type of attack means a fraudster is appearing as a regular supplier to that business and contacts the business bank to update details. From this point, companies then unwittingly transfer money to incorrect, fraudulent accounts.

To combat this, directors should verify any payment amendment instructions verbally with a known contact at the given supplier. If the hack is being made over the phone, ask to call back – don’t use the number they have given you. End that call and then call a trusted number instead, for verification. Auditing all third party and contractor accounts is also vital to ensure nothing slips through the net.

Prevention is better than cure

Every year, we see businesses lose hundreds of thousands of pounds as a result of fraud, but those businesses that choose to invest in preventing damaging attacks from being successful are less likely to be impacted than those who simply try to fix a problem when it arises.

First and foremost, employers should provide regular training to all staff so that your workforce doesn’t fall victim to even the most basic attack. Equipping your colleagues with the skills they need to identify fraud and cybercrime is vital to safeguard your business. And, it’s important to provide refresher sessions, so employees stay attuned to the changing criminal landscape and new techniques. Ensuring your workforce also understands the regulatory need to be vigilant to protect customer data will also aid their understanding of why these processes are so important.

If you are unsure about how to begin preparing, the best approach is to speak to an expert business adviser without delay to get the wheels in motion.

Onboarding professional help as early as possible means you have more chance of mitigating these risks. Not only could these attacks cause your business significant financial loss, but reputational loss, too.

For example, consider investing in the best cyber security software, to protect both your own businesses’ sensitive information, and your clients and customers. Losing customer data can have a devastating impact on your company’s reputation, and the feeling of mistrust can harbour for long after the attack has passed. By safeguarding in this way, both your staff and customers have the peace of mind they need to trust in the business.

First published in the Essex Chronicle in August 2019.