Is it possible to achieve GDPR compliance in just one click?

The simple answer is – no. Despite the number of charlatans out there, claiming that there is a one size fits all solution, I’m afraid it’s not that straightforward.

Don’t get me wrong, achieving GDPR compliance needn’t be overly complicated, and it’s certainly not as scary as you may think. However, it’s important to be aware of the scare tactics that may blur facts from fiction. Here, we take a look at a few of the ones we’ve witnessed:

“You need to buy this, or you will risk fines of up to 4% of your annual revenues”

It is true that your organisation could be fined up to 4% of annual turnover, or up to 20 million euros (whichever is greater), if you were to fail to comply with GDPR and suffer a data breach. However, this does not mean that one product or solution (that will most likely break the bank, dare I say), will solve all of your problems. Ensuring GDPR compliance is a journey not a destination, so it’s important to put some time and resource towards it.

“It’s just the large fines that you need to worry about…”

Indeed, there is a real risk that your organisation could face a crippling fine if you were to suffer a data breach. Nonetheless, it is also possible that you as an individual could face internal disciplinary action, or even, in exceptional cases, a criminal record. In addition, it’s important not to bypass the potential significant reputational impact of your organisation, that could lead to compensation claims. Everyone is responsible for ensuring compliance with GDPR.

“Just buy lots of IT…that’ll solve all of your problems”

GDPR is more than just an IT problem. For example, employee awareness training is often something that is overlooked when, in fact, over 90% of incidents involve user behavior, rather than a lack of IT measures. Left untrained, your employees present the biggest risk to your organisation. Ask yourself, who is responsible for the data processing activities that your organisation undertakes? Your employees. Do your employees know what the GDPR is? Put simply, GDPR employee awareness training must not be disregarded, as it is a cost-effective solution to evidence your organisation’s compliance.

“If you haven’t prepared for GDPR yet, it’s really bad… but becoming GDPR compliance is as easy as buying X, (oh… and Y and Z)”

If we’re honest, GDPR is not a revolution. If you’re already compliant with the Data Protection Act, you’re most likely nearly there. Whilst the GDPR is something that should be taken seriously, after all, it is a law; ensuring GDPR compliance is no doubt an extension of what you should already be doing.

Unquestionably, you have most likely been harassed by various self-proclaimed GDPR ‘experts’ who recommend you start by purchasing product after product to solve all of your problems. Yes, GDPR is a project of work, but surely £10,000 coming off the bottom line isn’t the best place to begin?

Despite what people may say, establishing GDPR compliance is a marathon, not a sprint. There is not one solution, or even two or three solutions, that will guarantee that every organisation is compliant.

As a starting point, it’s a good idea to conduct a data audit for your organisation. Consequently, you will then be able to gain a true understanding of all the different types of data your organisation holds, where you hold it, and what it is used for. Ultimately, all organisations differ from one another, so it’s important to take this into consideration when thinking about how to comply with GDPR.

But, what will this cost me?

You’re right in thinking that data audits can be pricey, and you may not have room for this in your budget. However, have you considered conducting a data audit yourself? It needn’t be as complicated as people may make it out to be.

So, you’ve conducted a data audit, what happens next?

After identifying the types of data your organisation holds, where you hold it, and what it is used for, only then would it make sense to move on to looking at your systems and processes.

This ensures that you are focused on what your organisation specifically needs, which as a result, gives you the best guide as to how to protect your data, whilst ensuring you do not over spend where it is not necessary to do so.

Share this:

Everyday, thousands of employees across the UK are unknowingly adopting poor cyber practices; practices that could leave you, and the organisation you work for, vulnerable to a vicious and potentially crippling cyber-attack.

As Christmas season approaches, take a second to think about your own cyber activity and that of your colleagues. What unsafe cyber practices are you adopting that seem so ordinary?

Over the festive period, perhaps there’s more flexibility around your working hours, working practices and being able to work from home? These are all great (after all, who wouldn’t want to be closer to the turkey leftovers) but it’s important to be aware of the greater security risks associated with doing so.

According to a new report by T-Systems (Europe’s largest telecom company’s I.T. branch), in which 2,000 employees participated, an alarming amount of risky activity was identified as being frequently undertaken:

  • 24% employees stated they actively use free wifi hotspots to access work related emails and documents
  • 28% employees actively email work documents from and to their personal accounts
  • 15% share USB drives between family members, friends… and they work computers
  • 10% use free USB charging points (where malware and ransomware can easily infect devices)

“Training your employees regularly is probably the single most effective step to dramatically reduce risks of viruses, malware and other common forms of cyber-crime
Scott Cairns, Head of Cybersecurity, T-Systems

Whilst appearing harmless, it is exactly these sorts of menial tasks that can prove extremely dangerous and increase the chance of your organisation suffering a cyber breach. Fraudsters deliberately target organisations over the festive period, when they know employees are more relaxed and more focused on their company Christmas parties than their company’s cyber hygiene.

Perhaps most worrying of all, is that T-Systems found that 28% of employees stated that they had never had ANY cybercrime training to protect themselves or the business, in any organisation they had ever worked.

Scott Cairns, Head of Cybersecurity at T-Systems commented ‘our research shows many employees are not knowledgeable on the multitude of ways their devices can be infected with viruses and malware…and those who thought they were ‘very knowledgeable’ frequently gave the wrong answer when questioned!… Training your employees regularly on effective cyber-security practice is probably the single most effective step organisations can undertake to dramatically reduce their risks of viruses, malware and other common forms of cyber-crime’.

So, as we all embark upon the festive season please do remember to stop and think before you click. Stop and think before you share company information and stop and think before it is too late.

Employees: the biggest risk to your company’s security but also your strongest defence.

Engage, educate and empower, today.

Share this:

Last night, The Defence Works was awarded the prestigious “Digital / Technology Business of the Year” award at the FSB Manchester Awards, having fought off stiff competition .

The awards were held at the Hilton, in Manchester where Andy Burnham, the Mayor of Greater Manchester, opened proceedings.

Judges were particularly impressed with The Defence Works’ passion to help businesses stay secure against the ever growing threat posed by fraud and cyber-crime, particularly as The Defence Works’ security awareness training is designed to be very cost-effective, making it accessible for all organisations.

Speaking about the award, Managing Director, Eddie Whittingham commented “We’re absolutely thrilled to have been awarded technology business of the year. It’s a great testament to what we do and fantastic recognition for our team who work tirelessly to deliver our services and help businesses prevent cyber-crime. We were up against some great businesses, so to be recognised in this way is really special”.

The Defence Works helps businesses prevent fraud and cyber-crime through a unique online portal, helping to educate employees using an ongoing security awareness programme, implementing a suite of best practice policies and ensuring businesses are aware of key threats as they emerge.

Managing Director, Eddie Whittingham, commented, “It’s fantastic to be recognised for the work that goes on behind the scenes, as well as the very kind comments about our exceptional customer service. A huge thanks goes out to The Defence Works team for their hard work and dedication, plus all of our customers for their continued support. Lastly, a big congratulations the other award winners and nominees during the evening”.

Share this:

The Defence Works have been shortlisted for the “Digital / Technology Business of the Year” award in the FSB Manchester Awards.

Judges have shortlisted The Defence Works having identified the business amongst stiff competition as:

  • having increased sales during the past 12 months;
  • delivering a high quality service and exceptional customer service;
  • having identified new markets, income stream or opportunities; and
  • demonstrated a commitment to their employees through development and training and have good staff retention rates.

About being shortlisted for the award, Edward Whittingham, Managing Director of The Defence Works, stated “we’re really pleased to have been shortlisted by the judges for this award. It’s a testament to the hard work and dedication that goes on behind the scenes and I’m immensely proud of what we’ve achieved so far.

We’re really passionate about what we’re doing to help businesses prevent fraud and cyber-crime, so to have been shortlisted in category is a great achievement”.

The award ceremony will take place at the Hitlon, Deansgate on Thursday 30th November.

Share this:

A serious vulnerability has been identified that affects ALL devices that support Wi-Fi, allowing attackers to decrypt “WPA2 connections”. In short, if you’re using Wi-Fi enabled devices, you’ll need to update the respective software else you may get hacked.

When you say ALL devices, what do you mean?

Literally, anything that allows Wi-Fi connectivity. The includes desktops, laptops, mobile phones, e-readers, routers, Wi-Fi printers… even your NEST, Amazon Echo devices, etc.

What is WPA2 and why does this affect me?

It is a protocol used to secure all modern protected Wi-Fi networks. It has always been thought of as a secure encryption protocol for Wi-Fi but this new discovery means it is possible for an attacker to access sensitive information we share over a Wi-Fi network using WPA2 (which, will affect pretty much everyone reading this post, as it is what the vast majority of people and organisations have in place worldwide).

Naturally, this means that you could be putting your personal information, and that of your organisation at risk – such as passwords, payment details, emails, photographs, etc.

Put simply, if your device uses Wi-Fi, then it is highly likely this vulnerability affects you. This isn’t limited to android devices, but affects Windows, Apple and every hardware provider under the sun.

How do I protect myself and the organisation?

Firstly, remember this affects any device you own or within your organisation that uses Wi-Fi and if you’re a frequent user of public Wi-Fi, or your employees are, then it is fair to say you’re at higher risk.

All major providers are working to ensure patches are released in the coming days. This means that the vulnerabilities which have been identified can be “patched” with a software update, so the best step to protect yourself and your organisation is to identify any patches that are released and ensure your devices are updated.

We’d recommend that you prioritise any devices that are used to access public Wi-Fi, such as mobile phones and laptops for those working away from the office, as these clearly pose the greatest risk.

But, I’m secure if I’m using HTTPS, right?

Wrong. Whilst it is generally fair to say that if you’re using HTTPS you will be secure, this vulnerability actually lets an attacker downgrade your connection from HTTPS to non-HTTPS connections, thus making you vulnerable – so you’re still at risk.

Updating Devices

Your computer devices, including your mobile and tablet devices may alert you when there is an important security update and, indeed, many may update automatically but be aware that you may also need to manually update, as many people don’t readily allow automatic updates. Now is a good time to check.

For all other devices, you may need to access the device to receive the latest software update. We’d recommend you search for the device’s manual on the internet to find out how to update them, as each device will differ (search for the device name and “firmware update” and this will likely find what you need”). The Wi-Fi vulnerability is being referred to as “KRACK” (Key Resolution Attacks), so be sure to check the firmware update covers this vulnerability so that you can be confident you have patched appropriately.

Given the widespread impact of this vulnerability, we’d encourage you to spread the word to ensure we can help people update their devices as soon as possible.

Share this:

Are you sick of hearing about Love Island in the staff room? Did you overhear a colleague talking about Beyonce having twins or Jay Z’s cheating scandal? Or, did you read the post your work mate shared about the THREE Kardashians being pregnant…at the same time?

Unfortunately, while you may not care…many do – including your employees – and cybercriminals are using this as bait to compromise your organisation.

Writing this blog, I have to be completely honest, I am obsessed with celebrity gossip. Every sort, be it: movie stars, musicians EVEN pointless reality TV stars – on an international basis… I can’t help but want to know! It has become part of my daily routine to read, what I readily admit, is utter drivel. And while you may think this cathartic outburst is nothing more than a comedic anecdote, it is in fact, the reason I am writing this.

Hidden beneath my shameful penchant for celebrity gossip could lie lethal consequences for the organisation in which I work. I, like many of your employees, may be unassumingly enjoying break time coffees while reading about Scott and Kady’s split or Zayne and Gigi’s blossoming romance whilst using employer’s Wi-Fi and computers. But, did you know malicious news reports could infect a device with malicious ransomware, rendering client information accessible to a fraudster? You could even be held to ransom and such a data breach could have a serious impact on the organisation as a whole.

While this type of hook may not catch you, can you be sure no one in your workplace would click the link to appease their appetite for the latest, juiciest gossip… at whatever cost?

Would any of your employees be tempted to click on this ‘breaking news’?

McAfee revealed, for the 11th year, the list of the riskiest celebrities to search for online. And, while you may be as shocked as I am that the number 1 entry is Avril Lavigne, the following entries may not surprise you:

  • Bruno Mars
  • Carly Rae Jepson
  • Zayn Malik
  • Celine Dion
  • Calvin harris
  • Justin Beiber
  • Diddy
  • Katy Pery
  • Beyonce

Then again, you may also have no idea who these ‘celebrities’ are… but, ask any one of your celebrity enthused employees and they’ll confirm that the common denominator in this list is that they are all musicians. Fraudsters are grooming the unsuspecting public with the promise of a free download or a free graphic image… but only, if you click on the link or sign in to your online social media profile via a phishing website first.

This problem is not exclusive to musicians. Celebrity culture, as a whole, is being targeted-especially since our obsession with reality TV celebrities is also on the rise. Worryingly, a study conducted by Onepoll found that ‘nearly 4 in 10 of the nation watch some sort of reality TV’ and further analysis stated ‘50% of this is made up of 25-34-year olds’ – does any of your workforce fall in to this category? While the Social Comparison Theory notes watching reality stars on TV makes us ‘feel better about ourselves and our own lives’ can we really justify a cyber-attack for the fleeting smirk that the current state of Katie Price’s tumultuous relationship spurs?

Think before you click the link!

You might be confident that the latest celebrity headline wouldn’t peak your attention, but are you equally as confident about your employees?

It’s crucial that everyone within your organisation is aware of the types of threats out there. By building awareness, your organisation will keep your employees safe in both their personal and professional lives.

Don’t want your organisation compromised courtesy of Jay Z? It’s time to start thinking about security awareness training and simulated phishing emails to raise the game within your organisation and to build towards a positive security culture.

Share this:

Do you consider yourself to be generally optimistic or pessimistic?

Positive or negative? Or maybe you’re simply cautious and realistic?

Generally, it’s fair to say that the vast majority of people like to think of themselves as positive – it’s one of humanity’s greatest traits after all.

At The Defence Works, we understand that people’s greatest personal asset – their positivity – can also be their biggest weakness when it comes to cybercrime and security and, as such, can pose a threat to your organisation.

Cyber criminals are aware of the largely optimistic approach of ‘Joe Public’ and hence this is exactly what they prey on – focusing on the general open minded and optimistic nature of your employees and manipulating this in to becoming a vulnerability.

Ultimately, it is through a lack of understanding of the risks that mean people engage in precarious behaviour, which in turn can leave your organisation exposed to malware and ransomware, as employees may click on seemingly ‘safe’ attachments. Regrettably, incidents of ransomware and malware have soared in recent years, as many of our employees are simply not trained to think sceptically about apparently neutral mail.

We’re not advocating that we should all continue life as a self-proclaimed pessimist, one who always views the glass as half empty, being suspicious about every twist and turn but, instead, we all have a duty to begin developing a positive security culture within our organisations. It’s most definitely not a case of suppressing positivity but, instead, recognising how criminals are preying on employees as a way to bypass traditional security measures. It’s only through an increased awareness that employees can truly understand the risks and proceed with a more cautious approach.

It’s common place to conduct suitable reference checks and screening on new employees, yet there is a general lack of risk management when it comes to security awareness training of those employees. Organisations recognise that hiring the wrong people can pose a threat to them and that this risk can be mitigated through employee screening, yet it’s hard to deny that cyber-crime and fraud poses an even more significant threat – as employees are an ongoing vulnerability.

It’s time to start mitigating the risks posed by employees not just prior to them joining your organisation, but throughout their time working with you. Security awareness training does just that – ongoing employee risk mitigation – easy, accessible and very cost-effective.

Being well-informed and developing best practice is far removed from being a pessimist or negative – it’s a positive step toward a stronger and more secure future.

Share this:

Working in the sector that we do, we’re naturally exposed to a wide variety of people and businesses – some of which are looking to take preventative action to reduce their risk, whilst others are looking for assistance in the event of an incident or to help prevent further issues. Helping people is our passion… that’s what we do!

But then, well… then there’s my mother. She didn’t fall into any of the above categories… until the weekend!

Buzzzzz!

“Ah, a text message from my darling Mother”, I thought; “It’s no doubt likely to contain her usual text speak” – a requirement from the early 90’s to save space when writing text messages that is now wholly redundant and just makes for undecipherable content – “Oh…”:

I called her.

Over the next hour, my mother explained how she’d received a telephone call on her mobile phone from a “friendly sounding” male, who advised her that there were some security issues with her BT broadband and that she needed to make sure her laptop was secure.

As prompted, she turned on her laptop. In an attempt to fend off a would-be fraudster, my mother asked “But, how do I know you are who you say you are?”, to which the male explained he would be able to confirm an identification number in the settings on her laptop and guided my mother to it. Unsurprisingly, the numbers matched and the caller continued with his spiel.

During this call, the male managed to get my mother to download an application to allow him to remotely view, and control, her desktop.

Indeed, when my mother then went on to say she didn’t have time to do this right now, the male sent her a phishing email appearing to come from BT – only this time, directing her to download another remote access application to her computer. Both of the remote applications were entirely legitimate pieces of software in their own right but, naturally, the intentions behind installing them were to the contrary.

Now, here’s the thing. My mother isn’t computer illiterate, in fact, I’d say she’s reasonably computer savvy having worked as a secretary for most of her life. She’s in her early sixties and still uses her internet regularly for online shopping, emails, documents, etc. So, what caused this incident? Regrettably, it was her lack of understanding or awareness of the types of frauds that are out there. You’d think, given that her son does what he does, she’d be more alive to it than most but it goes to show the power of a simple con. Even though, in hindsight, she knew it was irresponsible and even, in her words, ‘idiotic’, in that moment her guard was down and she fell victim.

Now, imagine the impact this could have had upon a business were she not retired? Email accounts, payment details, sensitive information…. all at the mercy of a fraudster.

So, why am I telling you this? It serves as a gentle reminder that even though you may consider yourself, or your staff, to be computer savvy… there really is no substitute for security awareness training – whether at home, or within the workplace. It only takes a minute to become a victim.

In an effort to raise awareness, I’m signing my mother up as a member to our services so that she’ll receive regular training on cyber-crime and fraud (naturally, I’ll give her a discount – I’m not a total animal).

Oh, and did I mention that my mother’s broadband provider isn’t even BT? She’s with EE.

Stay safe!

Best regards,

Eddie Whittingham
MD

Share this:

Last night, The Defence Works’ Managing Director, Eddie Whittingham, was awarded a £1,000 cash prize for the best business pitch at the NatWest Entrepreneurial Spark Awards 2017, having fought off competition against over 40 other businesses.

Manchester based fraud and cyber-crime prevention business, The Defence Works, was awarded the prize for the best pitch by NatWest and Entrepreneurial Spark, a national business accelerator program, having delivered a knock-out pitch.

The Defence Works helps businesses prevent fraud and cyber-crime through a unique online portal, helping to educate employees using an ongoing security awareness programme, implementing a suite of best practice policies and ensuring businesses are aware of key threats as they emerge. With a passion for protecting businesses, The Defence Works was recognised for their commitment to helping SMEs reduce their risk, saving valuable revenue, protecting jobs and safeguarding businesses’ reputations.

Managing Director, Eddie Whittingham, commented, “We are over the moon to be awarded with the award for the best business pitch by Entrepreneurial Spark. It’s fantastic to receive recognition for our hard work from not only our peers, but also by business heavyweights, Mylo Kane and Vikas Shah, and NatWest Entreprise Manager, Heather Waters”.

Eddie Whittingham went on to explain how the £1,000 cash prize would be invested into improving services for it’s customers, “The prize money will be spent on improving our online portal, helping to develop our e-learning platform and delivering an even better service for our members, helping them to significantly reduce their risk of becoming a victim of fraud or cyber-crime”.

The Defence Works continues to go from strength to strength, having recently taken on a number of new business members and having been selected to go on to the next stage of the Entrepreneurial Spark business accelerator program based in Manchester’s prestigious Spinningfields business district.

Share this:

2016 has been a somewhat turbulent year for all, what with the presidential election, Brexit and the death of many of our favourite musicians and actors. Indeed, 2016 has also been the year in which we’ve seen a huge surge in fraud and cyber-crimes against businesses, setting the benchmark for what is to come.

2017 will be welcomed with open arms, both personally (if not least to stave off the impending deaths of further much loved celebrities) and professionally (as we’ve seen endless businesses hit by attack, after attack).

However, when brushing off the snow to reveal the plans for 2017, it’s important that we learn from the Ghost of Christmas Past to help us see what lurks ahead. Here are a few of our prophecies for the coming year:

More data breaches

If you thought you’d heard about a lot of data breaches this year, brace yourself. 2017 is set to make these data breaches seem like child’s play. In 2016 alone, we’ve seen some huge data breaches at some of the largest organisations (Yahoo and TalkTalk to name but a few), however, these don’t tell the half of it.

Businesses of all shapes and sizes have been the victim of data breaches and 2017 is teed up to be another bumper year for fraudsters.

Regulation and consumer rights

That’s right. With the ever increasing threat of fraud and cyber-crime, comes the ever increasing need for transparency and regulation. We might not quite be there yet, but serious regulation is on its way in the form of the EU General Data Protection Regulation. Whilst GDPR might not be due to come in to force until May 2018, businesses should start thinking about how the regulations will affect them. 2017 will be the year to get up to speed and implement the much needed requirements to ensure businesses are compliant before implementation. We’ll be providing more information on this in the coming months and, in particular, helping our members get ahead of the curve without the hassle, or expense.

What’s more is that we’ll be seeing everyday consumers over in the US successfully suing companies that haven’t looked after their data in accordance with US regulations. There are already mass law suits taking place… and this will, of course, come across the water to here in the UK.

Soon, therefore, data breaches won’t just have a huge effect on your reputation, but will be hitting your bottom line… hard!

The dark web rises

With ever increasing data breaches, we’re going to see even more data being sold on the dark web.

Heard of the dark web? It’s essentially a platform for criminals, fraudsters and organised crime gangs to trade – whether that be stolen property, firearms or as is proving to be increasingly popular, your data. We’ve touched on some of the huge data breaches that have occurred this year but where does all that information go? Inevitably, it’s sold on the dark web to the highest bidder. Why? So that your data can be used to target you through banking scams, or to facilitate malware or ransomware attacks on you and your business.

Evolution, not revolution

It’s inevitable that with all this data flying around, we’re going to be faced with an even bigger threat from phishing emails, ransomware and social engineering than ever before. As we’ve seen recently, the many different types of attacks are continuing to evolve at a fast pace and here are our thoughts on just a few of them:

Ransomware – new types of ransomware are being discovered daily and fraudsters are becoming increasingly clever at how they get to infect our computers and networks. Not only are we facing an increasing amount of phishing emails, but we’re seeing ransomware software even being imbedded in malicious advertising on trustworthy and genuine websites

Phishing Emails – we’re all accustomed to emails purporting to be the trustee of our long lost Uncle’s inheritance, yet phishing emails have already evolved substantially. Expect more and more to address you by name, include other personal details and become increasingly targeted in 2017

DDoS Attacks – there will undoubtedly be an increase in DDoS attacks on businesses, not only bringing some of the best loved businesses offline, but being targeted more and more at SMEs of all sizes. We expect an increase in DDoS threats to come bundled with ransom demands, much like how ransomware affects businesses

Bogus Boss – this was a fairly new type of attack for 2016, but we expect 2017 will be the year it really propels itself to the forefront. Do your staff know how to spot them? Do you have a system in place to avoid falling foul?

Social Engineering – Facebook, LinkedIn, Twitter… if you’re not on them, your employees are. Have you ever considered just how much information a fraudster can get access to about you or your company? “John just wished you a happy birthday”, “Your Mutual Friends”, “Your Job Title”.

Act now to protect your business

There has never been a better time (or indeed, more of a need) to take action within your business to help combat fraud and cyber-crime.

The message from this is clearer than a ghost on Christmas Eve:

‘Men’s courses will foreshadow certain ends… but if the courses be departed from, the ends will change.’ Dickens

If you act now and train staff about how to pre-empt attacks and communicate safely and effectively online, we can leave our old habits in 2016 and prevent attacks effectively in the New Year. Act now – in the present – to positively change your business’ safety in 2017.

At The Defence Works, we can help you do exactly that.

Through our cost effective and simple membership plan, your business can benefit from a suite of policies designed to help reduce your risk to fraud and cyber-crime and we’ll provide your staff with bite-size training to ensure they can become your strongest defence. In addition, we’ll provide you with updates on all emerging threats relevant to your industry and location, helping you to stay one step ahead of the fraudsters and to protect your business.

Protecting your business from fraud and cyber-crime needn’t be complicated, or expensive. Our online portal can be accessed by anyone within your business, from anywhere, at any time.

Share this:

Fraud and cyber-crime set to increase threefold following dramatic EU referendum decision.

As the dust settles today on what has been somewhat of a surprise, we consider how Brexit is likely to have an impact on fraud and cyber-crime for businesses in the coming months.

We’ve all seen the effect that Brexit has had upon the financial market this morning and this inevitably stirs up fears of another recession. Indeed, many businesses will wake up this morning to the reality of how Brexit will impact upon their sales revenues, profit margins and future trading opportunities. But what should also be considered, is how fraud could increase in this new, uncertain world.

In the previous recession, we saw a dramatic increase in company managers, employees and customers committing fraud. In fact, the amount of business related fraud went up threefold, accounting for billions in lost revenue. Businesses are always at risk of fraud, but such uncertainty increases the risk further, and so companies need comprehensive measures in place to ensure they are responding effectively to threats, many of which are unknown at this stage.

With 49% of all businesses being affected by fraud and cyber-crime each year, businesses always need to keep one eye on managing business risk and today’s events should merely act as a reminder to ensure they have the necessary training, procedures and policies in place to reduce the increased risk.

Why will Brexit increase business fraud?

Some people argue that the reason fraud increases during periods of uncertainty, is that pressure on jobs, margins and revenues means that employees are more likely to report fraud. This means that fraud may not be increasing in terms of instances, but it is being reported more. Such financial uncertainty has previously been shown to empower employees to no longer turn a blind eye to other’s fraudulent activities of their colleagues within a business. Employees nervous about the sustainability of their own roles can find themselves thinking “I’m not going to look the other way, because if the business is struggling, then I might lose my job”. It follows, therefore, that now is not only a great time to reassure your workforce that it has a bright future, but to communicate a message showing that you are taking measures to protect the business against fraud going forward and provide them with a means to report fraud should it occur.

Check your fraud and cyber-crime prevention measures

Take a few minutes out of your day to get to grips with your current fraud and cyber-crime prevention measures. Do you effectively communicate your stance to your employees? Do you facilitate confidential whistle blowing reports? Do you have strict IT and password policies? Crucially, are you training your staff on the likely increased fraud they may be subjected to from phishing emails, fake invoices and other sources of fraud and cyber-crime?

If you’d like help to establish your risk profile, we provide a free business vulnerability assessment. Simply get in touch via 0800 772 0878 or info@thedefenceworks.com.

Share this:

UN Chief of cybercrime speaks with the BFPP (now rebranded as The Defence Works) on the biggest threats facing UK businesses

“The sheer scale of cyber threat is immense” The Defence Works today spoke to the United Nations P5 Chief of the Global Programme on Cybercrime, Neil Walsh, in relation to the immense risk faced by businesses globally, and specifically in the UK.

Having previously worked at the National Crime Agency, Neil Walsh took up the lead role at the UN fighting cybercrime globally at the end of 2015. Walsh now helps developing countries in Central America, Eastern Africa and South East Asia develop counter-cybercrime measures to ensure they are capable of preventing, investigating and taking enforcement action in respect of cybercrime.

The weakest link is the ‘human element’

Fraud and cybercrime costs UK businesses £144 billion each year and with 42% of all businesses being a victim each year, more could (and should) be done to prevent such incidents. “Businesses can have the best technology available in an attempt to prevent fraud, but the weakest link in any business is the human element. Where new threats emerge, technology is not able to respond quickly enough to prevent it and this is why employees must be educated as they are typically the route in for criminals to expose a host of issues for businesses”, commented Walsh.

Ransomware will become the biggest risk to businesses in the future

Businesses are exposed to a wide range of fraud and cybercrime attacks; with ransomware being labelled by Walsh as “the biggest risk to businesses at the moment”, following a huge rise in attacks in recent months.

Ransomware is software which typically infiltrates computers when a user clicks on a link or document within an email. The software then blocks access to a vital computer system or folder containing business critical information, demanding that payment is made in order to regain access. Unfortunately this mode of cybercrime is on the rise as UK businesses fail to adequately protect themselves. Walsh explained, “It is important that businesses don’t pay the ransom, as much like in kidnap situations, it only propagates the threat, increasing the risk to everyone. Maintaining regular, secure backups of systems is a vital component of recovery.”

“The criminals work on a risk versus reward basis,” Walsh continued, “and many criminals no longer need to be a computer expert to carry out cyber-attacks. Would-be attackers can buy the software relatively cheaply and then send out emails to the masses – they only need to succeed with a few unsuspecting victims to justify their outlay”.

As with many cybercrimes, technology is only one piece of the puzzle – being protected against potential attacks requires a combination of adequate technology measures, and an education drive amongst staff to inform them of the potential risks of clicking on a seemingly innocent email.
UNITED NATIONS

“The work of yours, what The Defence Works do, that’s what it is all about -helping businesses to protect and prevent becoming victims of cyber-crime.”
Neil Walsh, Chief of Global Cybercrime

Criminals are turning their focus to SMEs

Alarmingly, Walsh believes that SME’s are at particular risk of cybercrime. “It never ceases to amaze me the risks that people will take when dealing with emails and this isn’t limited to a particular generation – it spans all generations and this causes no end of risk for businesses.

It is important that businesses begin to impose the element of personal responsibility upon individual employees as so many businesses cease trading due to fraud and cybercrime each year. SMEs are particularly at risk because it only takes one mistake to cause catastrophe within a business”.
The paradox for SMEs is that whilst being the most at risk, they are often the least likely to take preventative measures to protect themselves, due to the normally high costs associated with legal support – a problem that The Defence Works seeks to solve with its anti-fraud portal service.

What is the solution for businesses at risk?

“It is important that staff training is continuous, not just a one off.”

When considering the global threat to cybercrime against that of the UK’s, Walsh stated that it is crucial “to teach people to be safe online, as this significantly reduces the risk of being a victim of fraud”. Neil Walsh echoes the advice that The Defence Works gives to its members, stating that “businesses should ensure they regularly back up their data onto an offline device, as well as implementing cybercrime and information security policies and procedures which are actionable”, stressing that “responsibility for implementation should be taken seriously business wide. In addition, training and education of staff is imperative – it is important that staff training is continuous, not just a one off. It needs to be a normal part of everyday business”.

Finally, Neil recommends that business owners report all matters to authorities, but recognises that organisations often have concerns in doing so in respect of public perception, brand reputation and their own shareholder considerations.

Share this: