How To Avoid Losing Your Business Profits To Cyber Fraud
UK SMEs remain a key target for cyber scammers. Millions of pounds are lost to the most common cyber frauds.
Criminals continue to evolve their scams into ever more sophisticated fraud techniques, and many businesses remain vulnerable to these cyber-attacks because of a lack of awareness or a failure to prioritise prevention.
Common Payment Frauds
1. CEO fraud
Cybercriminals impersonate senior managers to trick other employees into making unauthorised payments or releasing sensitive information. Typically, this will be an email that appears to be from the CEO / MD instructing an urgent payment to be made to a new supplier. As well as the bank account details for the payment, there will usually be some additional story about why it is urgent, such as a claim that it is needed to secure a big discount. Through social engineering, criminals can time these emails to coincide with the CEO / MD being out of the office.
2. Invoice redirection and mandate fraud
Cybercriminals pose as a regular supplier to the company and make a formal request to the finance team to change the bank account details for future payments. The criminals can have enough information regarding the true supplier relationship to be very convincing. The fraud is often discovered only when the genuine supplier chases for non-payment of their invoices.
3. Business Email Compromise
Similar in approach to CEO fraud and invoice redirection, this variant stems from a cybercriminal hacking into a business email system, which allows them to monitor email conversations and determine the most effective fraud technique to apply.
Four Steps to Protect your Business
1. Raise awareness
In the same way that (hopefully) no-one still falls for the “Nigerian finance minister looking to deposit millions into your bank account” scam, the latest frauds can usually be prevented if the techniques are understood throughout your business. Ensure all staff, and particularly your finance team, are trained on the risks, the implications, and how to spot the signs. The Action Fraud website is a good place to get free information and advice (https://www.actionfraud.police.uk/).
2. Authenticate payment requests
Verify any email or telephone request for payment before the payment is made, ideally by a second trusted contact, such as a co-director.
3. Introduce internal checks
Ensure that all requests for changes to a supplier’s bank details are validated by calling a known contact at the supplier for verification.
Encourage all staff to refer any suspect emails/communications to a colleague for double-checking.
4. Maintain IT Security
Your IT systems need to be sufficient to protect against cyber risks, and to minimise the impact on the business of any attack that gets through. Anti-virus software, data access security, and data back-ups are all essential.
Your own part-time Finance Director will have practical experience in implementing the internal systems and processes necessary to minimise cyber risk, including the correct set-up of banking systems, and the potential to insure against cyber risks. To arrange a call with a potential finance director please contact us at info@financeheads.co.uk.