It goes without saying that, in the digital age, businesses are undoubtedly becoming more exposed to cybercrime. Research shows that almost half of UK firms were exposed to online fraudsters in the last year alone.
These hacks are costing the global economy over £4.3 billion – a figure that is prompting management teams to review their security measures. A recent study by tech retailer Ebuyer identifies Essex as the county most at risk to cyber fraud in the whole of the UK, so management teams based here need to be extra vigilant.
With more and more data – from financial records to customer information – being stored on cloud systems and internal servers, it gives criminals a platform to cause serious damage to businesses, and so it is essential that firms implement processes to best safeguard against potential threats. Ultimately, firms need to put robust plans in place to avoid threatening activity that may leave the business in an unfortunate and distressing situation.
Over the last few years, the media has been littered with news of big brands falling victim to online ploys, which have resulted in heavy reputational and financial losses. The TalkTalk scandal of 2016, where a hacker accessed the personal details of over 150,000 customers and sensitive financial data of over 15,000, resulted in losses of 100,000 customers because of the business’s failure to deploy security processes to keep information confidential. More recently, the ride hailing firm Uber had reportedly leaked the personal information of 57 million customers and drivers, which was subsequently concealed by the business until the story was unearthed last year.
It’s often assumed that firms of this scale would have the infrastructure in place to safeguard from threats like this. The reality is, often businesses don’t. So many firms, both large and small, have gaps in their software which can give hackers a route into their systems. Business owners should remember that prevention is better than cure, and while investing in online security measures may incur an upfront cost, it’s worth doing in the long-run.
There is myriad methods hackers can deploy to access a business’ server, data or other internal platforms. The surge in recent years is, in part, attributed to the fact that more businesses are moving data, information and financial details to online platforms and cloud systems. As a starting point, businesses should seek advice from professionals to ensure they are familiar with cyber fraud strategies. This can help to uncover gaps in internal systems which may be subject to a cyber breach.
FRP has a wealth of experience in implementing cyber-security and fraud prevention measures, supporting those who have fallen victim to an attack. It’s important to act early and remember help is on hand to navigate these difficult times – with our support we can help guide a business back to financial health.
Clients and suppliers should also feel assured that FRP has attained a Cyber Essentials Plus accreditation, a Government backed scheme that helps to secure IT systems against cyber-attacks and ensures heightened cyber security measures are in place.
There are so many different examples of cyber-attacks, with some of the most common being cyber extortion. This is the direct victimisation of an individual or business, by making demands online. Threats will vary case by case, but historically these have included leaking private client information to the internet, or posting defamatory comments about a business on a website, leading to reputational damage.
Ransomware is also a typical attack, when a type of malicious software (malware) severely restricts access to a computer, device or file until a ransom is paid by the user. It can lock a computer screen or encrypt files with a password, meaning the rightful owner is no longer able to access or control what happens with this data.
Employees should also be wary of hackers imitating a recognised supplier, service provider or colleague by sending an email, letter or online message requesting payments to be made into a specific account. Equally, requesting details of other bank accounts is also on the increase. As well as this, some fraudsters imitate the CEO or another senior member of a business, or hack the email account of that individual. Known as CEO fraud, correspondence will often be urgently demanding highly confidential information or payments to be processed. In these situations, it is important to look at the style and wording of the message as it may have spelling mistakes or other small differences from the secure sender’s usual methods.
An extremely common type of cyber fraud is phishing, where hackers gain access to a firms’ confidential files and information by extorting information through a phone call or email. Although this technique has been around for many years, businesses still unwittingly fall short to this ploy and freely give away passwords and authorisation codes.
There are some simple but essential processes that organisations can put in place to reduce their vulnerability and ensure the misplacement of data doesn’t have a detrimental impact on operations and cashflow.
First published in the Essex Chronicle in July 2018.