Scams Awareness Month: What You Need to Know About The Latest Scams
Are your employees up to date on all the latest security scams targeting small and medium-sized businesses?
With July being Scams Awareness Month, it’s a good time to better protect your business and review your security policy to ensure you have effective safeguards in place.
Cyber-attacks are one of the biggest threats facing small and medium-sized businesses. According to the Information Security Breaches Survey Report by the Department for Business, Innovation and Skills, an estimated 60% of small businesses fell victim to an online security breach in 2014. The consequences can be serious, with costs estimated to be approximately £65,000 for a severe data breach.
Yet despite the increasing risk of cyber-attacks, organisations’ investment in information security has fallen 4% year on year, according to the Global State of Information Security Survey, leaving many unprotected from the growing threat.
New scams continuously emerge. While insider fraud is also an ongoing concern, here’s a look at some of the most prevalent scams that are being used to commit fraud and identity theft.
Fake Invoices: Scammers use fake and urgent invoices for legitimate services and supplies used by the organisation, such as online advertising, paper rolls, etc.
Affinity: The fraudster infiltrates a close community such as a workplace and lies to gain trust and steal money, usually through an investment scheme.
Hit-and-run: Forecast by Scambusters.org to be one of the top scams in 2015, this scam tricks victims into handing over money they don’t owe for everything from bogus fines and unpaid taxes to supposedly unpaid utility bills.
Directory: A caller verifies a listing in a (fake) business directory, and charges for it.
Malware: Malware is a persistent threat in 2015, and Scambusters.org expects to see a further switch in emphasis to malware downloads on smartphones.
Mobile phone: Fraudsters call or text but hang up. The missed call is registered and many business people call the number to find out who called – and get charged for it.
Phishing and Spam: Unsolicited or junk email or calls are used to trick people into clicking on a link or pop-up message or providing confidential information.
What can a company do to improve fraud prevention?
Have a written and comprehensive security policy that adheres to compliance standards and provides the workplace with leadership and direction. Periodically use a security checklist to ensure your security policy accounts for any new and evolving risks.
Utilise current technology to protect employee and customer data and the company’s network.
Introduce a Bring Your Own Device (BYOD) policy that champions proactive security measures including anti-virus/anti-malware software on personal mobile devices being used for work. It should also outline rules and responsibilities around data access, device use, and employee behaviour, in and out of the workplace.
Create a list of authorised vendors and suppliers, and implement strict controls and procedures on purchasing and accounting processes.
Keep employees up to date with current security scams by communicating information through newsletters, intranets, email and bulletin boards.
Provide a tips hotline, and teach employees how to spot fraudulent behaviour in the workplace.
Encourage secure work habits such as:
Implementing a Clean Desk Policy
Partnering with a document shredding company so that all confidential information in digital and paper form is destroyed when no longer needed; the company should provide locked consoles and secure destruction services
Enforcing a Shred-all Policy to avoid confusion or room for error when disposing of paperwork
Learn how to fight fraud and secure your office’s five most vulnerable areas. You can also find out more about how secure shredding services can help protect your confidential information.