Online crimes on the riseDelving into the figures, it?s evident that mandate fraud is becoming an increasingly worrying issue for businesses. This occurs when a fraudster gets victims to change a direct debit or standing order by pretending to be an organisation that a victim makes regular payments to, for example a business supplier or subscription service. It?s an extremely targeted approach, and in the last year has seen a significant 66 per cent increase, with 2,323 reported cases, compared with 1,403 in 2014 to 2015. Other types of fraud that have spiralled are CEO fraud ? where an employee is tricked into making a payment by means of an email purporting to be from a senior manager ? and extortion, where files on a computer or entire network are rendered inaccessible by ransomware until a release fee is paid. Corporate employee fraud ? where employees or ex-employees obtain property or compensation through fraud, or misuse corporate cards and expenses ? is also on the rise, with 1,440 cases recorded between 2015 and 2016. Listed in the top ten most-reported crimes by businesses in the last 12 months, this demonstrates how fraud is not just an external threat, but how vital it is for all businesses to provide staff with the right tools and training to be able to identify signs of suspicious activity, as well as having guidelines in place on whistleblowing. Hacking is perhaps one of the main issues facing small businesses. A fraudster can hack into a business? server or an employee?s personal computer, or access email/social media accounts to obtain private information. In its various forms, hacking has been one of the most widely reported types of fraud in the past year, with 1,314 reported cases.
Specifically targeted fraudOther types of fraud committed against specific industry sectors such as retail and insurance also accounted for a substantial proportion of crimes reported by businesses, owing mainly to the typical transaction values involved. Retail fraud ? defined as fraud committed against retailers through refund fraud, label fraud or when goods are ordered with no intention of paying ? has risen by 71 per cent, accounting for almost a quarter (22 per cent) of the total recorded crimes. In terms of the areas worst affected, the Metropolitan and Essex police forces received the largest volume of reports, with 5,742 and 2,505 cases of online crime. This is followed by Thames Valley (1,335), Kent (1,185) and the West Midlands (1,158). Furthermore, the Metropolitan Police area had the highest reported loss of ?240m, followed by Essex (?196m) and Leicestershire (?188m).
Some good newsAlthough it?s still one of the most widely reported crimes affecting businesses, reports of cheque, plastic card and online bank account fraud decreased by 21 per cent in the last year, moving from the most-reported fraud with 7,114 reports in 2014 to 2015 to third this year with 5,682 cases.
Keep your business safeThe Get Safe Online campaign recommended that all businesses ensure the following basic measures are in place to protect their organisation from online crime:
- Set up structured employee education and awareness training, making sure it is conducted regularly and kept up to date
- Install internet security solutions on all systems ? including mobile devices
- Keep all operating software, application software, mobile apps and web browsers up to date
- Set up and enforce a strict password policy for all employees and contractors
- Introduce rules on safe mobile working, including use of unsecured WiFi hotspots, shoulder surfing and protecting devices from theft or loss
- Increase protection of networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures
- Maintain an inventory of all IT equipment and software ? including redundant systems ? and identify a secure standard formation for all existing and future IT and communication equipment used by your business
- Restrict staff and third-party access to IT equipment, systems and information to the minimum required. Plus, keep items physically secure to prevent unauthorised access
- For home and mobile working, ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users
- Restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on these to help stop data being lost and to prevent malware from being installed. Have a proper BYOD (bring your own device) policy in place
Sign up to our newsletter to get the latest from Business Advice.