Get Safe Online - Business Campaign
Over £1 billion lost by businesses to online crime in the last year
On average, police forces are seeing a reported £19 million lost by businesses in their area
22% increase in crimes reported to Action Fraud in the last year
Get Safe Online is urging businesses to better train staff to spot the signs of fraud
With online crime becoming an increasing threat for businesses, new figures from Get Safe Online and Action Fraud released today (Monday 13th June 2016) show that from March 2015 – March 2016, a huge total of £1,079,447,765 was reported lost by businesses to online crime. This comes as Action Fraud saw a 22% increase from 30,475 in 2014 – 2015, to 37,070 crimes reported in the last year.
On average, each police force in the UK recorded £19,626,323 in losses by businesses in their area. However, the true picture could be even higher, as these figures do not take into account the amount potentially lost by those businesses who choose not to report online crime to the police.
From these latest figures, it’s evident that businesses need to do more to ensure staff across the board have appropriate online fraud awareness training, so that everyone understands their role in keeping the business secure. A substantial amount of attempted fraud against businesses is successful due to lack of knowledge or sloppy habits by their employees.
The online crimes businesses must watch out for:
Delving into the figures, it’s evident that Mandate Fraud is becoming an increasingly worrying issue for businesses. This occurs when a fraudster gets victims to change a direct debit or standing order by pretending to be an organisation a victim makes regular payments to, for example a business supplier or subscription service. It’s an extremely targeted approach, and in the last year, has seen a significant 66% increase, with 2323 reported cases, compared to 1403 in 2014 – 2015.
Other types of fraud which have spiralled are CEO Fraud – where an employee is tricked into making a payment by means of an email purporting to be from a senior manager – and extortion, where files on a computer or entire network are rendered inaccessible by ransomware until a release fee is paid.
Corporate employee fraud – where employees or ex-employees obtain property or compensation through fraud, or misuse corporate cards and expenses – is also on the rise, with 1440 cases recorded in 2015 – 2016. Listed in the top ten most reported crimes by businesses in the last 12 months, this demonstrates how fraud is not just an external threat, but can also affect a business from the inside. It is therefore vital for all businesses to provide their staff with the right tools and training to be able to identify signs of fraud or suspicious activity, before it’s too late, as well as having guidelines in place on whistleblowing.
Hacking is perhaps one of the main issues facing businesses. A fraudster can hack into a business's server, an employee’s personal computer, or access email/ social media accounts to obtain private information. In its various forms, hacking is one of the most widely reported types of fraud in the past 12 months, with 1314 reported cases.
Get Safe Online recommends that all businesses ensure that at least the following basic measures are in place to protect their organisation from online crime. Comprehensive expert, impartial, practical, free advice can be found at www.getsafeonline.org/business
- Set up structured employee education and awareness training, make sure it is conducted regularly and kept up-to-date.
- Install internet security solutions on all systems – including mobile devices.
- Keep all operating software, application software, mobile apps and web browsers up to date.
- Set up and enforce a strict password policy for all employees and contractors.
- Consider restricting access to inappropriate websites to lessen the risk of being exposed to malware, and create a policy governing when and how security updates should be installed.
- Introduce rules on safe mobile working, including use of unsecured Wi-Fi hotspots, shoulder surfing and protecting devices from theft or loss.
- Increase protection of your networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures.
- Maintain an inventory of all IT equipment and software – including redundant systems – and identify a secure standard formation for all existing and future IT and comms equipment used by your business.
- Restrict staff and third-party access to IT equipment, systems and information to the minimum required. Plus, keep items physically secure to prevent unauthorised access.
- For home and mobile working, ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users.
- Restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on these to help stop data being lost and to prevent malware from being installed. Have a proper BYoD (Bring Your Own Device) policy in place.
If you think you have been a victim of fraud you should report it to Action Fraud, the UK’s national fraud reporting centre by calling 0300 123 20 40 or by visiting www.actionfraud.police.uk. For further advice on how businesses can stay safe online go to https://www.getsafeonline.org/business/.