The Biggest & Best Portal to the Professional Property, Workplace and Built Environment Community

Friday, 23 February

Cyber Security - Tackle Staff Weak-point

With online crime becoming an increasing threat for businesses, new figures from Action Fraud and Get Safe Online released this week show that from March 2015 – March 2016, a huge total of £45,150,532 was reported lost by businesses in the City of London alon to online crime. This comes as across the country, Action Fraud saw a 22% increase from 30,475 in 2014/2015, to 37,070 crimes reported in the last year.

On average, each police force in the UK recorded £19,626,323 in losses by businesses in their area. However, the true picture could be even higher, as these figures do not take into account the amount potentially lost by those businesses who choose not to report online crime to the police.

Action Fraud and Get Safe Online both claim a substantial amount of attempted fraud against businesses is successful due to lack of knowledge or sloppy habits by their employees. From these latest figures, it’s evident that businesses need to do more to ensure staff across the board have appropriate online fraud awareness training, so that everyone understands their role in keeping the business secure.

 

The online crimes businesses must watch out for

Mandate Fraud is becoming an increasingly worrying issue for businesses. This occurs when a fraudster gets victims to change a direct debit or standing order by pretending to be an organisation a victim makes regular payments to, for example a business supplier or subscription service. It’s an extremely targeted approach, with £1,194,287 lost to it by businesses in London. 

Corporate employee fraud – where employees or ex-employees obtain property or compensation through fraud or misuse corporate cards and expenses – is also on the rise, with 26 cases recorded in 2015/2016 and £14,482,052 lost by businesses in London. It’s position in the top ten most reported crimes by businesses across the UK in the last 12 months demonstrates how fraud is not just an external threat but can also affect a business from the inside. It is therefore vital for all businesses to provide their staff with the right tools and training to be able to identify signs of fraud or suspicious activity, before it’s too late, as well as having guidelines in place on whistleblowing.

Hacking is perhaps one of the main issues facing businesses. A fraudster can hack into a business's server, an employee’s personal computer, or access email/ social media accounts to obtain private information. In its various forms. Hacking is one of the most widely reported types of fraud in the UK over the past 12 months, with 1314 reported cases.

 

Retail and investment industries also targeted

Other types of fraud committed against specific industry sectors such as retail and insurance also accounted for a substantial proportion of crimes reported by businesses, owing mainly to the typical transaction values involved.

Retail fraud, defined as fraud committed against retailers through refund fraud, label fraud or when goods are ordered with no intention of paying – has risen by 71% in 2014/ 2015, from 3,559 cases reported in 2014/2015, to 8,163 cases in the last year. Specifically, London lost £129,789 to retail fraud. Across the country, a substantial increase in retail fraud reports came between November 2015 to January 2016, possibly connected to the increased spending in retail over the Christmas and winter sale period.

In addition, Insurance Related Fraud showed a marked increase of 68%, from 587 in 2014 – 2015, to 986 cases in the last year.

In terms of the areas worst affected, Metropolitan and Essex police forces received the largest volume of reports, with 5,742 and 2,505 cases of online crime. This is followed by Thames Valley (1,335), Kent (1,185) and West Midlands (1,158). Furthermore, the Metropolitan Police area had the highest reported loss of £240 million, followed by Essex (£196 million) and Leicestershire (£188 million).

 

Crimes on the decrease 

Although still one of the most widely reported crimes affecting businesses, reports of Cheque, Plastic Card and Online Bank Accounts Fraud (defined as the fraudulent use of a cheque, plastic card or online bank account) decreased by 21% in the last year, moving from the most reported fraud with 7,114 reports in 2014/2015, to number three in this year’s most reported online crimes (5,682 cases).

Additionally, 2015 – 2016 reports of other Advanced Fee Frauds have decreased by 37% , moving out of the top 10 reported crimes. Other Consumer Non Investment Fraud – whereby victims are shown or test a product that isn’t received, is fake or is stolen – has also decreased by 31%. 

 

City of London Police

The City of London Police’s Commander Chris Greany, the Police National Coordinator for Economic Crime, said: “For today’s modern business, the ability to safely email, work remotely and operate a website is crucial to everyday operation, success, and the ability to grow. 

“However, hand in hand with this does come an element of risk, and seeing the huge amount lost by businesses in City of London to online crime in the last year, highlights how local businesses need to train their staff to spot the signs early on.” 

Tony Neate, CEO of Get Safe Online commented:“These latest figures show the enormous and quite frankly daunting impact online crime can have on a business, its reputation, its employee and even its continued operation. It also highlights the abundance of ways a business can be targeted, both externally and from within. To tackle this issue head on, businesses need to review their own skills and knowledge, determine if they need outside help and then create measures to prevent, detect and respond to potential security threats. It’s all about education, and staff must be aware of this plan and trained where necessary. 

“With new data regulations in place, we’ll see more and more businesses in London start to report online crime and realise that the right staff training can go a long way to helping prevent this growing problem. We recommend all small businesses visit the Business section of the Get Safe Online website - Click Here

 

Basic measures

Get Safe Online recommends that all businesses ensure that at least the following basic measures are in place to protect their organisation from online crime:

  • Set up structured employee education and awareness training, make sure it is conducted regularly and kept up-to-date.
  • Install internet security solutions on all systems – including mobile devices.
  • Keep all operating software, application software, mobile apps and web browsers up to date.
  • Set up and enforce a strict password policy for all employees and contractors.
  • Consider restricting access to dodgy websites to lessen the risk of being exposed to malware, and create a policy governing when and how security updates should be installed.
  • Introduce rules on safe mobile working, including use of unsecured Wi-Fi hotspots, shoulder surfing and protecting devices from theft or loss.
  • Increase protection of your networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures.
  • Maintain an inventory of all IT equipment and software – including redundant systems – and identify a secure standard formation for all existing and future IT and comms equipment used by your business.
  • Restrict staff and third-party access to IT equipment, systems and information to the minimum required. Plus, keep items physically secure to prevent unauthorised access.
  • For home and mobile working, ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users.
  • Restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on these to help stop data being lost and to prevent malware from being installed. Have a proper BYoD (Bring Your Own Device) policy in place.

Comprehensive expert, impartial, practical, free advice can be found at www.getsafeonline.org/business

 

Help

If you think you have been a victim of fraud you should report it to Action Fraud, the UK’s national fraud reporting centre by calling 0300 123 20 40 or by visiting www.actionfraud.police.uk

Picture: Campaign material from Action Fraud and Get Safe Online

Article written by Brian Shillibeer

Share



Related Articles

Andromeda Strained - International Cyber Op Dismantles Botnet

On November 29, the Federal Bureau of Investigation, in close cooperation with the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s...

 Read Full Article
Ransomware - the Protection Racket

ThisWeekinFM has been making a racket about Cyber Security because vulnerabilities are exploited at a personnel and personal level - where FM's should have some...

 Read Full Article
Who's Taking on the Cyber Men?

One in five businesses have fallen victim to cyber attacks in the past year, according to the results of a survey released this week ending April 21 by the British...

 Read Full Article
Phishing, Crashing and Nicking - a Security Digest

The City of London Police’s National Fraud Intelligence Bureau (NFIB) is urging university staff to take preventative action following more than 100 reports from...

 Read Full Article
World's Local Bank Back on World-wide Web

The disruption this week for HSBC and its online customers appears to be over as it declared matters were now ‘stable’ but embarrassment remains for the...

 Read Full Article
Count-down to Disaster - NCA Opens Two Week Window to Prevent UK-wide £Millions Fraud

The UK's national Crime Agency (NCA) yesterday announced a two week opportunity to reduce a threat from a powerful new computer attack. It urged businesses and...

 Read Full Article
On Trend - Can Hackers Turn The Heat Off?

Ken Munro of Pan Test Partners has written a blog - the original of which and more pictures can be accessed if you Click Here  Munro says he has found...

 Read Full Article
NHS Seeks Friendly Fire Power In Cyber War

NHS Digital has announced (Nov 28) a £20m project to boost its ability to support the NHS with its data security - including making funds available to encourage...

 Read Full Article
If Dolly Can Be Hacked, What About The Hand Dryer?

  Connected toys with Bluetooth, wi-fi and mobile apps may seem like the perfect gift for Christmas. But Which? has found that, without appropriate safety...

 Read Full Article
Yahoo Cyber Breach Was Bigger

Yahoo has announced (week ending Oct 6) that it is providing notice to additional user accounts affected by an August 2013 data theft previously disclosed by the company...

 Read Full Article