In his first blog post for the UK200Group, Paul Hawksley, Partner, TWP Accounting, discusses the ongoing issue of Cyber Crime.
Barely a week goes by without a scandal involving cyber crime. In recent months we have had the “methbot”, supposedly responsible for stealing $3-5 million per day from online advertising companies, and also reports of a spambot leaking details of 711 million email accounts. Whilst it would be easy to think that this type of issue doesn’t affect small businesses, that is not true at all: there is a risk to all businesses, and a higher risk to small businesses as they may not have adequate controls in place.
There are two main risks to small businesses in relation to cyber crime:
Fraudulent invoicing and payments
I’m sure everyone has seen emails alleging to be from a relative who is about to inherit $500 trillion and needs some help; however, these have now become more sophisticated. I have seen a number of messages whereby emails are faked so that they appear to be coming from an individual inside the organisation, or even cases of hacking into legitimate suppliers’ email accounts and giving different payment details for payments to be made. The fraudsters appear to be spending time researching organisational structures online before sending the emails. Having seen numerous emails, it is easy to see how people are fooled into making these payments. To receive an email from the managing director asking for a payment to be made is not an unusual occurrence.
Also, we have recently seen a number of invoices sent via traditional post for services such as intellectual property registers or parking fines which are not real. Obviously a number of people are paying them, as they continue to be sent, suggesting they are making money out of the activity.
Due to the size of small businesses, there is an increased risk of fraudulent payments being made, as many businesses may not have robust financial controls in place. As a result, they are often targeted by fraudsters. Business owners should consider implementing the following steps to reduce the risk, the majority of which have always been best practice to reduce fraud risk:
1. Ensure segregation of duties between staff drafting and approving payments. This will reduce the risk of someone making a silly mistake, as it would take two people both overlooking the error.
2. Have someone who can confirm that a service has been delivered and approve the invoice before any payments are made. Even in the smallest of businesses, it’s unlikely that the person responsible for making payments is aware of everything going on in the business.
3. Don’t make payments from emails received unless you are confident about the source of the email.
4. Don’t approve payments in a rush; ensure that you are sense checking any payments.
5. If something looks odd, phone the supplier to confirm payment details before making any payments; it’s better to be safe than sorry!
Unauthorised Data Access
Every single business out there has sensitive data, be it supplier information, payroll data or trade secrets, which would be embarrassing if it was leaked by hackers. It’s also potentially expensive, as the leaking of personal data can lead to loss of reputation, cost of remediation and even penalties and fines.
As a result of this, it’s worth all businesses ensuring that IT networks are kept as secure as possible. Again, there are a number of easy steps to take, such as:
• User education – ensure users are aware of best practice and their role in keeping passwords safe
• Password policy – ensure passwords are kept safe and secure. Passwords should also be changed regularly and be of an appropriate complexity
• Software updates
• Anti-virus and firewalls – both of these are the basics of computer security and reduce the risk of unauthorised access to computer networks
• Cyber insurance – consider having insurance in place to cover any potential losses