Cybercrime - be prepared
Article posted: 19th January 2018
Criminals are becoming increasingly sophisticated in how they approach businesses and convince staff to transfer money to them. Most attempts are made through identity theft – appropriating the identity of another without consent – and it can take on various forms such as an invoice, email or mail purporting to be from the owner, the finance leader, a customer or supplier.
A poll of 500 SMEs by Barclaycard last summer showed that 44% were worried about being hit by cybercrime or a data breach, and 34% were concerned about their ability to manage multiple threats, demands and priorities as their businesses grew.
Identity theft is growing and can be done remotely, so what steps can you take to minimise the threat to your business?
An identity thief can pose as a senior executive – to make an international bank transfer; an IT technician – to take control of your computer; a client – to change a delivery address; a tax official – to obtain undue payments; or a supplier – to change bank details.
They will often present fake but realistic looking documents and these can include correspondence using the letterhead of a real company, ‘official’ administrative forms or company registration documents.
Frauds will often follow a pattern. There will be an approach on the phone or via email from someone pretending to be the finance or managing director, often with an urgent and confidential request to the finance team (or an individual with access to the firm’s bank account) to transfer funds. This will usually be made towards the end of the week, at lunchtime or during the quieter months of the year. Once the funds are released, they are usually transferred abroad becoming untraceable, leaving the victim significantly out of pocket. The first a business knows about this is when the real FD, MD or customer confirms that they did not authorise the transaction.
Training staff can help to reduce risks to your business and creating policies will also help to ensure that very few people can authorise payments and/or access your bank account.
To safeguard your business from cybercrime:
- Always exercise vigilance with an unusual request.
- Remain objective about the nature of the request and ask for more details.
- Encourage staff to express doubts to you, their line manager or colleague.
- Don’t give in to pressure and deadlines.
- Check with the right people to ensure the payment request is real and authorised.
- Don’t open suspicious emails.
Back to blog listing
Other Articles by
Promotions and new faces
Client Spotlight - JTA
The life of Brian!