How To Be A Cybercrime Buster
This article explores the risk that fraud and cybercrime pose to businesses and what steps can be taken to combat that risk.
What cybercrime risks are out there?
Fraudsters are becoming ever more adept, and it is important that businesses try to stay one step ahead. Cybercrime has many guises but some of the key risks that businesses face are:
- Data Breaches – This is one of the most common forms of cyber threat and it occurs when fraudsters gain access to sensitive information (often customer data) and sell these on the dark web for profit or use that information to steal the identity of your customers or employees and cause them damage using their good credit rating to fraudulently acquire goods.
- Ransomware Attacks – This is a type of malware that will encrypt a company’s data rendering it inaccessible until a ransom is paid.
- Phishing and Social Engineering – This is when an employee is tricked in to either clicking on a link which allows the fraudster access to the companies IT systems or fraudsters use social engineering to achieve that same goal.
- Malware and viruses –This is when a rogue piece of software (a virus) makes its way into a company’s systems making them subject to malfunctions, data loss and potentially unauthorised access.
- Insider threats – Not all threats are external, and employees may have malicious intent and use their access to steal or leak sensitive information.
- DDoS attacks – This is a ‘Distributed Denial of Service’ attack and it will overload a company’s servers making its online services unavailable to users which can result in revenue loss, damage to a company’s reputation and loss of trust from customers.
- Email Compromise – This is where a company has their email hacked and a fraudster will impersonate a company executive and deceive employees into making money transfers or sharing sensitive information. This is also known as ‘CEO fraud’.
This is not an exhaustive list and there are a number of different fraud and cyberthreats out there to keep businesses on their toes.
Is my business at risk?
In a word, yes. It is a misconception that cybercriminals only target large companies. Any size business is at risk from a cyber-attack with potentially devastating consequences for that business. According to The Cyber Security Breaches Survey 2021  undertaken by the government, two in five UK business experienced cyber attacks in 2020. More recent data reveals that t he UK had the highest number of cyber crime victims per million internet users at 4783 in 2022 – up 40% over 2020 figures . It is also thought that due to the stigma that attaches to having been victim to a cyber-attack that the number may in fact be higher as it often goes unreported.
2020 saw a stark rise in cybercrime due to the pandemic and it showed businesses were ill prepared for the digital war that covid accelerated. In the last three years businesses are taking steps and making more effort to protect themselves from cybercrime.
Whilst all businesses are at risk there are particular industries that tend to be targeted more often due to the fact that they are most likely to hold personal data about customers and these are:
- Finance and Insurance;
- Health, social work and social care; and
- Administration and Real estate.
If you work in one of these industries it is especially important that steps are taken to ensure that your company is kept safe from any potential threats.
An example of the dangers can be seen in our own industry, with a law firm being subject to a cyber attack causing a client significant losses .
Why tackling Fraud and Cybercrime makes good business sense
Fraud and cybercrime represent 41% of all crime in the UK  and conversely Police resources dedicated to economic crime are approximately 1%. If your business is the victim of a cybercrime attack the potential consequences range from financial losses, damage to reputation and loss of customer trust.
It is important that businesses are proactively protecting themselves from fraud. By doing so you can help to reduce the risk of fraud and operate with assurance and confidence thereby instilling confidence in your business for your customers.
What steps to take to protect your business from cybercrime
Tackling cybercrime is a difficult task as it is an ever-changing landscape. In addition there is unfortunately not a catch all procedure that a business can undertake. Where you channel your efforts will depend on the risk profile of your business, however, here are 5 quick fire pieces of advice that will stand your business in good stead to keep ahead of the cybercrime threat.
- Robust Security Measures – This basically means ensuring that your IT systems are kept safe or at least are impenetrable enough that a fraudster may move on to another softer target. Ways of ensuring robust security measures are:
- Installing the latest updates on computers and devices. Cyber criminals often exploit known vulnerabilities in software and by regularly updating operating systems and applications these vulnerabilities are closed.
- Making sure that you have firewalls in place. Firewalls act as a barrier between internal networks and the internet by controlling incoming and outgoing traffic.
- Have good anti-virus software. Antivirus software is designed to protect, prevent and remove various types of malwares such as trojans, ransomware, adware and more. It scans in real time to identify malicious codes and quarantine them before they can cause harm.
- Ensuring you have strong access controls. Multi-factor authentication ensures that users need to provide multiple forms of identification before access to data or systems can be obtained. This also works conversely in that companies should limit user privileges so that only specific people have access to sensitive information and systems necessary to perform their roles.
- Employee Education and Training – Unfortunately human error is a significant factor in cybercrime. Providing regular training to employees on threats and best practices will raise awareness and hopefully allow them to spot threats such as phishing emails.
- Regular Data backups – Perform regular data backups to ensure that in case of a cyber incident or ransomware attack that critical information can be restored. These backups should be stored in an offsite location and be encrypted to ensure safety.
- Incident response plan – Develop a comprehensive incident response plan that outlines steps to be taken in case of a cyber incident. This plan should include protocols for detection, containment, eradication, recovery, and lessons learned after an attack. Regrettably it is often only after an attack that businesses put protocols in place.
- Third party risk management – If your business works with other providers (which is very likely in this modern age) then this is the process by which you identify, assess and mitigate risks associated with that relationship. Actions to be taken could be to assess their cybersecurity practices and ensure they meet your security standards and potentially require them to sign agreements to uphold security measures and report any incidents promptly.
What Fraud Threats are Supply Chains Open to?
There are many ways in which a supply chain can be under threat from fraud. Some of the most common are:
- Invoice Fraud: This is where fake invoices are generated, or legitimate invoices are altered to overcharge for goods or services, or to divert funds for seemingly genuine goods/services into a fraudster’s account. This is an area of risk typically associated with cybercrime.
- Product Substitution: This is when there is substitution of products used in the supply chain for inferior or counterfeit materials. These are often of poor quality and can lead to the overall product being defective causing quality control issues and customer dissatisfaction.
- Kickbacks and Bribery: This occurs when individuals within the supply chain accept bribes or kickbacks from suppliers in exchange for favouring their products or services, often at the expense of the victim company’s best interests. Company’s should also be aware of the Bribery Act 2010  which (amongst other offences) states that a commercial organisation can be guilty of an offence if they fail to prevent persons associated with it from bribing.
- Data Manipulation: Fraudsters may manipulate supply chain data, such as inventory levels, production figures, or sales data, to mislead stakeholders and create false financial statements. An example of this is the Patisserie Valerie scandal .
- Ghost Employees and Vendors: This is where fraudster create fictitious employees or vendors to issue fraudulent payments and divert funds.
- Collusion and collaboration: This is where multiple employees conspire together to bypass and/or override certain business protocols and transactions to undertake fraud. This can often include external third parties.
- Sanctions violations: There are occasions where economic sanctions are put in place that restrict the flow of assets to or from certain countries. By importing goods from these countries businesses may be placed breach of these sanctions which can cause significant reputational damage (as well as monetary). There are many ways in which sanctions can be violated and this often takes the form of disguising where goods have come from. Examples of this are deliberately disabling a ship’s tracking system or setting up a complex and confusing network of companies to avoid detection.
- Contract and Misrepresentation Fraud: This is where there is a misrepresentation in terms of pricing, ability to deliver a project based on experience or resource, or other aspects of the supply chain contract which can lead to losses for one of the contracting parties.
Cybercrime is an ever-evolving area. Cyber-criminals adapt and exploit vulnerabilities which makes it a difficult battle to fight. However, by ensuring that you take steps to protect your business you can ensure that you stay one step ahead of the cyber-criminals and make yourself an unenviable target.
We understand when dealing with fraud it can often be fast paced and confusing, lonely and worrying. We are a safe place to help you from start to finish. If you would like to discuss any issues in relation to fraud, cybercrime or protecting your business, please contact us at email@example.com
Authors Rebecca Craig
"*" indicates required fields