As the world slowly returns to ‘normal’, how can you protect yourself and your business from the opportunist fraudsters that threaten the security of your business? Francesca Dowling offers some advice.
Covid-19 has caused chaos across the world. People have been forced to change habits that were generations in the making. We’ve done things we never thought we would do and had to communicate with organisations that we never previously had contact with. For some people, these have been desperate times.
Previously successful businesses have collapsed overnight. Perhaps for the first time in their lives, some have felt the fear of having no income, no means of support.
All of the above make fraudsters rejoice, as they make us more vulnerable to fraud than ever before. Some believe that fraud has risen by as much as 80% during the pandemic. Preventing fraud is a subject I’m passionate about. This is no victimless crime. It is devastating for businesses and for individuals. I’ve spent my professional life learning how to combat it. As the world slowly returns to ‘normal’ how can you protect yourself and your business?
It is important to understand the risks to your business, so do a risk analysis. All businesses are different, and you need to understand the vulnerable areas in yours. In terms of IT, your IT support team are not the best people to check. It is well worth getting an independent review undertaken by specialists who are expert in finding the holes. Asking your IT team to do it is like asking a chef to validate the hygiene standards in their kitchen: it is not in their interests to expose the problems. However, security does not start and end with IT. There are many other things to consider. I hope the list below helps you avoid becoming a victim. They should all be part of your risk analysis.
1. Maintain security at home. Governments are now encouraging people to go back to the office; however, most companies are going to continue to work from home, at least some of the time. That creates new security risks for your business.
Education and training for all employees is key, so that they understand that security remains a priority. In my experience, employees need to be regularly reminded of the security basics, such as installing updates, having secure passwords and changing passwords on the internet hub. You can help by ensuring that passwords have to be automatically updated regularly on your e-mail system.
However, you also need to consider the social risks. Do you keep data on customers, for example? Do employees live in shared houses where sensitive data might be accessible to others?
2. Manage bring your own devices (BYODs). Is anti-virus software installed on all computers and mobile devices that employees are using, whether or not owned and managed by the company? Good anti-virus software on mobile devices will even identify suspicious calls. It is worth asking employees not to use devices unless they are protected.
3. Keep up to date on security options. At Amaiz, our banking app uses biometrics, which are becoming increasingly common. Biometrics, such as fingerprint or iris scanning, offer less customer friction than standard security measures. However, as a basic, you should be using two-step authentication. If your IT support don’t offer that as standard, it means that they don’t take cyber security seriously enough, so find a new supplier.
4. Control who has access to company assets. Do you know who has access to essential company assets? Do you have a record of everyone who has access to your e-mail system, your website and your social media? If you don’t, it would be very easy for an ex-employee, perhaps one you’ve just made redundant, to cause you problems. It is alarmingly common. Keep records and change passwords as soon as one of those employees leaves the company.
5. Share risks. Colleagues should discuss emerging fraud trends and how to stay vigilant. If you suspect you have been targeted, or have received a phishing email, this should be shared so others can be alert to the threats. Keep an eye out for new scams by following police and other official bodies on social media.
6. Communicate. In our new virtual world it can be easy to avoid speaking to actual people at all! However, talking to people is an important protection against fraud.
A common scam, for example, is to email or text someone asking for money. This may appear to come from someone legitimate, perhaps even your bookkeeper, and be written in the language and style that they would normally use. Or perhaps it is a supplier who has emailed you to tell you that their bank details have changed. Both look very legitimate. Both are actually very common scams. Never send money in response to an e-mail or a text, even from someone you know well. Pick up the phone and check, every time.
7. Do your due diligence. Check your potential customers and suppliers before you engage with them. One trick I use is to Google their phone number. It can tell you about other businesses they run, or have run, and how legitimate they are. Be very sceptical about glowing online reviews. People rarely review a company unless there is a problem, so all those five-star reviews are probably fake. Look instead at the critical reviews; they’ll tell you much more. How does the company respond to criticism? Do they respond? Do they care?
Look for reviews where the language is similar, with the same grammatical errors or with no grammatical errors at all, and also for reviews that share the same date and the same location. All these indicate that the reviews have been written by one person who was probably paid by the company to write them.
8. Treat everyone as a cold caller. If someone phones you whom you don’t know personally (i.e. you don’t recognise their voice), treat them as a cold caller. By that I mean, don’t give them any sensitive information. If you’re asked for it, tell them you will phone them back. Then check the official number (from a bill or from their website) and call them on that number from a separate phone.
One very common trick is for the fraudster to stay on the line so that they can pretend to answer the call. Scammers are also very good at putting you under pressure, as they know that this will lead you to be less cautious than usual. They will even threaten prison. If that happens, hang up immediately. Official bodies don’t demand money like that.
9. Don’t use public Wi-Fi. As you start to get out and about again and perhaps work from coffee shops and other public places, it can be very tempting to log onto that free Wi-Fi. If you do, please check with your server which is the official Wi-Fi and only log into that. It is very easy to set up an account that looks very official with a name that looks right. The fraudster will then steal your bank details and passwords.
Francesca Dowling is Head of Compliance and fraud expert at business banking app, Amaiz (www.amaiz.com).