For most small businesses, the thought of cashing £16.4m over the Christmas period would make their festive season truly merry. But, according to the national fraud reporting centre Action Fraud, that’s the amount online fraudsters made last Christmas – a whopping 42% increase on 2013. If the trend continues, this year the threat could be even greater.
These are some tips to help you prevent fraud this Christmas.
1. Be aware of the different types of fraud
According to Roy Towell, RBS Fraud Manager, Prevention and Support, there are myriad ways fraudsters can target your business, so it pays to get as familiar as you can with the possible modes of attack.
These include hacking into and compromising an account, sending a fake invoice or impersonating a regular supplier (so be suspicious if their payment details suddenly change and ensure you confirm their details independently with them).
Another common scam is “whaling”, or a spoof email from the boss asking to rush through a payment. Be aware, too, of calls or mail being redirected or intercepted and “vishing”, which is when fraudsters phone up pretending to be from your bank.
2. Use the expertise of your bank or card provider
“Ask your bank or card processor about the online protection offered by card schemes such as Verified by Visa, SecureCode by MasterCard and American Express’ ‘Safe Key’, which help make transactions over the internet safer,” advises Giles Mason of Financial Fraud Action UK.
“Be wary of high value or unusual orders from customers you do not know, particularly if the product is easily resalable. Maintain a record of fraudulent accounts and transactions to prevent further breaches. Also, use the banking industry’s ‘Address Verification Service’, which compares the delivery address provided for the order with the billing address details for the payment card held by the card issuer,” he adds.
Trusteer Rapport is an example of free security software that many banks are offering their customers that could help businesses secure their finances further.
3. Get the basics right
In 2014, 60% of small businesses experienced a cyber breach, with the worst costing between £65,000 and £115,000, estimated the Department for Business, Innovation and Skills (BIS) in its Small businesses: what you need to know about cyber security guide. The Office for National Statistics, meanwhile, recorded around 2.5 million cyber crime offences in the year to June 2015. Getting the basics right around security is a vital first step – essentially, don’t make it easy for potential fraudsters.
The basics in this context include ensuring you regularly download software and app updates as they appear, have strong passwords (and cyberstreetwise.com/software-updates can offer useful advice here), always delete suspicious emails, install anti-virus and anti-malware software and train your staff about cyber security.
4. Carry out a risk audit
To manage threats effectively you need to understand what they are, but also where your business has weak spots, advises the BIS, who also recommend that businesses carry out a risk audit. This should include asking yourself:
What is directly at risk? This could be, for example, your money, data, reputation, IT equipment and so on
Who could pose a risk? This might include criminals, current or former employees or competitors
What form could the threat take? For example, it could be theft or unauthorised access to systems, remote attack on your website, information, bank account or hosted services
What impact could an attack have? This could include financial loss, disruption, losing business, damage to your reputation, recovery or clean-up costs, fines or damage to companies you supply or are connected to
5. Make sure you’re alert to the dangers of internal fraud/sloppiness
Just as it’s important to have controls in place to tackle external fraud, it’s vital to be alert to the risk of internal fraud. This includes the possibility of deliberate fraud or theft by employees (perhaps when the office is otherwise deserted or, conversely, madly busy over Christmas) but also simply the danger of employees being careless or sloppy about security. The answer here is effective staff training and controls, including a robust “user privilege” procedures in place around, for example, access to data or systems.
“Who has access to what sensitive data, and should they?” Guy Bunker of security firm Clearswift asks. “How do they share data? Will they take company data with them when they leave? What would happen if a company phone was left on a train? Could any of them be tempted to sell data?”
It’s natural to be trusting, and you don’t of course want to get into the mindset that customers, employees or partners are a potential threat, but it is important to understand that fraud is a real and genuine risk.
Ultimately, the best protection against fraud is constant vigilance. As the police’s National Coordinator for Economic Crime, Commander Chris Greany, warns: “If you feel like something is suspicious, it probably is, so it’s always better to be safe than sorry.”
RBS works closely with external agencies (such as the police, Trading Standards and the British Bankers’ Association) building an extensive network to support and inform our customers through the media, regular messages, events and literature.
The bank also has awareness-raising literature in branches and online, which is freely available to customers, as well as a dedicated scams team that is available 365 days a year to customers who believe they have been targeted by a fraudster.