18 August 2016

Online crime – The scourge of small business

£1bn was reported lost by businesses to online crime in the last year

What are the key online crimes small business owners need to watch out for? What steps should you be taking in order to keep your firm safe? Our NatWest expert investigates.

With online crime becoming an increasing threat for small businesses, figures from Get Safe Online and Action Fraud show that from March 2015 to March 2016, £1bn was reported lost by businesses to online crime.

This comes as Action Fraud saw a 22 per cent increase in crimes reported, from 30,475 between 2014 and 2015 to 37,070 a year later.

On average, each police force in the UK recorded £19.6m in losses by businesses in its area. However, the true figure could be even higher, as these numbers do not take into account the amount potentially lost by businesses that choose not to report online crime to the police.

From the latest figures, it’s evident that businesses need to do more to ensure staff across the board have appropriate online fraud awareness training, so that everyone understands their role in keeping the business secure. A substantial amount of attempted fraud against businesses is successful due to the lack of knowledge or sloppy habits of employees.

“Businesses are a major target for fraudsters and these figures illustrate the significant rise in fraud reports,” says City of London Police’s commander Chris Greany, who is also the Police National Coordinator for Economic Crime.

“The true figure will be much higher and business owners need to take steps as many of these crimes could be prevented.”

Online crimes on the rise

Delving into the figures, it’s evident that mandate fraud is becoming an increasingly worrying issue for businesses. This occurs when a fraudster gets victims to change a direct debit or standing order by pretending to be an organisation that a victim makes regular payments to, for example a business supplier or subscription service.

It’s an extremely targeted approach, and in the last year has seen a significant 66 per cent increase, with 2,323 reported cases, compared with 1,403 in 2014 to 2015.

Other types of fraud that have spiralled are CEO fraud – where an employee is tricked into making a payment by means of an email purporting to be from a senior manager – and extortion, where files on a computer or entire network are rendered inaccessible by ransomware until a release fee is paid.

Corporate employee fraud – where employees or ex-employees obtain property or compensation through fraud, or misuse corporate cards and expenses – is also on the rise, with 1,440 cases recorded between 2015 and 2016.

Its place among the ten crimes most reported by businesses in the last 12 months demonstrates that fraud is not just an external threat, and how vital it is for all businesses to provide staff with the right tools and training to be able to identify signs of suspicious activity, as well as having guidelines in place on whistleblowing.

Hacking is perhaps one of the main issues facing small businesses. A fraudster can hack into a business's server or an employee's personal computer, or access email or social media accounts to obtain private information. In its various forms, hacking has been one of the most widely reported types of fraud in the past year, with 1,314 reported cases.

Specifically targeted fraud

Other types of fraud committed against specific industry sectors such as retail and insurance also accounted for a substantial proportion of crimes reported by businesses, owing mainly to the typical transaction values involved.

Retail fraud – defined as fraud committed against retailers through refund fraud, label fraud or when goods are ordered with no intention of paying – has risen by 71 per cent, accounting for almost a quarter (22 per cent) of the total recorded crimes.

In terms of the areas worst affected, the Metropolitan and Essex police forces received the largest volume of reports, with 5,742 and 2,505 cases of online crime respectively.

This is followed by Thames Valley (1,335), Kent (1,185) and the West Midlands (1,158). Furthermore, the Metropolitan Police area had the highest reported loss of £240m, followed by Essex (£196m) and Leicestershire (£188m).

Some good news

Although it’s still one of the most widely reported crimes affecting businesses, reports of cheque, plastic card and online bank account fraud decreased by 21 per cent in the last year, moving from the most-reported fraud with 7,114 reports in 2014 to 2015 to third this year with 5,682 cases.

Keep your business safe

The Get Safe Online campaign recommended that all businesses ensure the following basic measures are in place to protect their organisation from online crime:

  • Set up structured employee education and awareness training, making sure it is conducted regularly and kept up to date
  • Install internet security solutions on all systems – including mobile devices
  • Keep all operating software, application software, mobile apps and web browsers up to date
  • Set up and enforce a strict password policy for all employees and contractors
  • Introduce rules on safe mobile working, including use of unsecured WiFi hotspots, shoulder surfing and protecting devices from theft or loss
  • Increase protection of networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures
  • Maintain an inventory of all IT equipment and software – including redundant systems – and identify a secure standard formation for all existing and future IT and communication equipment used by your business
  • Restrict staff and third-party access to IT equipment, systems and information to the minimum required. Plus, keep items physically secure to prevent unauthorised access
  • For home and mobile working, ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users
  • Restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on these to help stop data being lost and to prevent malware from being installed. Have a proper BYOD (bring your own device) policy in place

ABOUT THE EXPERT

Marcelino Castrillo became MD of business banking at RBS in September 2015. Prior to that, Castrillo was MD of SME banking at Santander, where he was responsible for leading the challenge of scaling Santander’s business bank and managed the business through a period of significant change.