How cyber savvy are your staff?
That’s the question being posed to business leaders across the Humberside force area following news that more than £2.75 million was lost to cyber criminals by local firms in the last year.
Between March 2015 and March 2016, businesses in the Humber region reported losses of £2,761,337 to online crime.
And – as firms attending last week’s launch of the Humber Business Resilience Forum (HBRF) were warned – it is believed that 50 per cent of successful cyber attacks get through because of mistakes by staff.
Today Detective Inspector Rich Osgerby from the force cyber crime unit is appealing for businesses to ensure their staff are trained on the importance of taking simple security steps to help eliminate such attacks - and leaflets outlining the basics are available to download here.
He said: “It’s evident from the reports coming in that businesses need to do more to ensure that all staff have appropriate online fraud awareness training and that everyone knows and understands their role in keeping the business secure.
“A substantial amount of online fraud targeted at businesses is successful due to lack of knowledge or complacency on the part of employees.”
The problem is not something that is unique to Humberside. On average, each police force in the UK recorded £19,626,323 in losses by businesses in their area in the last year.
And, according to the latest figures from Get Safe Online and Action Fraud, there was a 22 per cent national increase in reports to Action Fraud last year (30,475 reports in 2014 to 37,070 last year).
However, the true figure could be even higher, as these numbers do not take into account the amount potentially lost by those businesses that choose not to report online crime to the police.
Online crimes businesses must watch out for
Mandate Fraud is becoming an increasingly worrying issue for businesses. This occurs when a fraudster gets victims to change a direct debit or standing order by pretending to be an organisation a victim makes regular payments to, for example a business supplier or subscription service. It’s an extremely targeted approach, with 17 cases reported in Humberside alone in the last year, and £125,069 lost to it by businesses in the area.
Corporate employee fraud – where employees or ex-employees obtain property or compensation through fraud, or misuse corporate cards and expenses – is also on the rise, with £225,307 lost by businesses in Humberside.
Its position in the top ten most reported crimes by businesses across the UK in the last 12 months demonstrates how fraud is not just an external threat, but can also affect a business from the inside. It is therefore vital for all businesses to provide their staff with the right tools and training to be able to identify signs of fraud or suspicious activity, before it’s too late, as well as having guidelines in place on whistleblowing.
Hacking is perhaps one of the main issues facing businesses, with 1,314 reported cases in the UK in the last 12 months. A fraudster can hack into a business's server or an employee’s personal computer, or access email or social media accounts, to obtain private information.
Retail and investment industries also targeted
Other types of fraud committed against specific industry sectors such as retail and insurance also accounted for a substantial proportion of crimes reported by businesses, owing mainly to the typical transaction values involved.
There were 67 reported cases of retail fraud – defined as fraud committed against retailers through refund fraud, label fraud or when goods are ordered with no intention of paying – in the Humberside force area in the past year.
Nationally, this type of fraud has risen by 71 per cent in 2014 – 2015, from 3559 cases reported in 2014 – 2015, to 8163 cases in the last year.
DI Osgerby added: “For today’s modern business, the ability to safely email, work remotely and operate a website is crucial to everyday operation, success and the ability to grow.
“However, hand in hand with this does come an element of risk and, seeing the huge amount lost by businesses in Humberside to online crime in the last year, highlights how local businesses need to train their staff and spot the signs early on.”
Online security tips
To help reduce the risk to your firm, ensure that you have the following measures in place at the very least:
- Set up structured employee education and awareness training, and make sure it is conducted regularly and kept up to date.
- Install internet security solutions on all systems – including mobile devices – and keep all operating software, application software, mobile apps and web browsers up to date.
- Set up and enforce a strict password policy for all employees and contractors.
- Consider restricting access to inappropriate websites to lessen the risk of being exposed to malware, and create a policy governing when and how security updates should be installed.
- Introduce rules on safe mobile working, including use of unsecured Wi-Fi hotspots, shoulder surfing and protecting devices from theft or loss.
- Increase protection of your networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures.
- Maintain an inventory of all IT equipment and software – including redundant systems – and identify a secure standard formation for all existing and future IT and comms equipment used by your business.
- Restrict staff and third-party access to IT equipment, systems and information to the minimum required. Plus, keep items physically secure to prevent unauthorised access.
- For home and mobile working, ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users.
- Restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on these to help stop data being lost and to prevent malware from being installed. Have a proper BYOD (Bring Your Own Device) policy in place.
To find out more about staying safe online, visit Cyber Security: Has It Clicked?, Get Safe Online or the Humber Business Resilience Forum.
If you believe you are a victim of fraud, visit Action Fraud or call 0300 123 20 40.