Warning to businesses about dangers of cyber crime
14 Jun 2016 12:30 PM[View Full Size]
New figures released today show that more than £2 million was reported lost by businesses in Northumbria in the past 12 months as a result of online crime.
Action Fraud have revealed that in the year from March last year the number of cyber crime against businesses across the UK increased by 22 per cent from 30,475 to 37,070.
The national picture is even more worrying with more than £1 billion being lost to fraud by businesses across the UK - and that does not include all those businesses who choose not to report online crime to the police.
Now Get Safe Online have warned all businesses that they need to do more to ensure staff across the board have appropriate online fraud awareness training, so that everyone understands their role in keeping the business secure.
The charity claims that a substantial amount of attempted fraud against businesses is successful due to lack of knowledge or sloppy habits by their employees.
Tony Neate, CEO of Get Safe Online, said: “These latest figures show the enormous, and quite frankly daunting impact online crime can have on a business, its reputation, its employee and even its continued operation. It also highlights the abundance of ways a business can be targeted, both externally, and from within.
"To tackle this issue head on, businesses need to review their own skills and knowledge, determine if they need outside help, and then create measures to prevent, detect and respond to potential security threats. It’s all about education, and staff must be aware of this plan and trained where necessary.
"With new data regulations in place, we’ll see more and more businesses in Northumbria start to report online crime and realise that the right staff training can go a long way to helping prevent this growing problem. We recommend all small businesses visit the Business section of the Get Safe Online website."
Detective Inspector Angela Hufton, of Northumbria Police's Cyber Crime Unit, said: "For today’s modern business, the ability to safely email, work remotely and operate a website is crucial to everyday operation, success, and the ability to grow.
"However, hand in hand with this does come an element of risk, and seeing the huge amount lost by businesses in Northumbria to online crime in the last year, highlights how local businesses need to train their staff to spot the signs early on."
Mandate Fraud is becoming an increasingly worrying issue for businesses with 30 cases reported in Northumbria alone in the last year, and £444,693 lost to it by businesses in the area.
This occurs when a fraudster gets victims to change a direct debit or standing order by pretending to be an organisation a victim makes regular payments to, for example a business supplier or subscription service.
Corporate employee fraud is another big danger for businesses and involves employees or ex-employees obtain property or compensation through fraud, or misuse corporate cards and expenses. It is also on the rise in the region with 13 cases recorded in the last year and £225,262 lost by business in Northumbria.
Hacking is perhaps one of the main issues facing businesses. A fraudster can hack into a business's server, an employee’s personal computer, or access email abd social media accounts to obtain private information. In its various forms, hacking is one of the most widely reported types of fraud in the UK over the past 12 months, with 1314 reported cases.
Get Safe Online recommends that all businesses ensure that at least the following basic measures are in place to protect their organisation from online crime:
• Set up structured employee education and awareness training, make sure it is conducted regularly and kept up-to-date.
• Install internet security solutions on all systems – including mobile devices.
• Keep all operating software, application software, mobile apps and web browsers up to date.
• Set up and enforce a strict password policy for all employees and contractors.
• Consider restricting access to inappropriate websites to lessen the risk of being exposed to malware, and create a policy governing when and how security updates should be installed.
• Introduce rules on safe mobile working, including use of unsecured Wi-Fi hotspots, shoulder surfing and protecting devices from theft or loss.
• Increase protection of your networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures.
• Maintain an inventory of all IT equipment and software – including redundant systems – and identify a secure standard formation for all existing and future IT and comms equipment used by your business.
• Restrict staff and third-party access to IT equipment, systems and information to the minimum required. Plus, keep items physically secure to prevent unauthorised access.
• For home and mobile working, ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users.
• Restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on these to help stop data being lost and to prevent malware from being installed. Have a proper BYoD (Bring Your Own Device) policy in place.
If you think you have been a victim of fraud you should report it to Action Fraud, the UK’s national fraud reporting centre by calling 0300 123 20 40 or by visiting www.actionfraud.police.uk. For further advice on how businesses can stay safe online go to https://www.getsafeonline.org/business/.