The cyber threat landscape is changing all the time. Here's how your business can keep up.
Whether you’re just starting your own company or you’re well on your way to the next stage of business growth, suffering a financial hit could be hugely detrimental.
In a worrying trend, SMEs are increasingly being targeted by scammers whose efforts are becoming more sophisticated and more frequent every year.
In fact, according to new research, nearly half of SMEs (44 per cent) have been targeted by scammers and almost one in four (23 per cent) have fallen victim to fraud.
How can you separate fact from fiction and keep your business safe from fraud in these uncertain times?
The scam landscape
Firstly, if you want to safeguard your business, you need to understand and keep up with the current business fraud landscape.
Unfortunately, any business can be targeted by resourceful fraudsters. This is made easier by the fact that scammers can utilise a wealth of information about your organisation listed innocently on internet sites, directory enquiries and Companies House.
Criminals can also use the clearing cycle (common for traditional payment via cheques and bank drafts) to try and influence companies to refund a payment to them before the original funds have even cleared.
Many fraudsters are also turning their attention to business tax, tricking unsuspecting victims with the promise of a rebate.
This involves scammers sending out emails that appear to be from legitimate third-party tax rebate providers or HMRC about a potential refund your business may be eligible to receive. From here, you will be directed to an external website and be asked to fill out a form with sensitive business information.
Sadly, you will actually be passing this on to criminals, who can use the data they receive to defraud you of vital business funds. Never hand out any personal or payment details to companies you haven’t approached personally before, or to HMRC, who will only ever contact you via post or your employer.
Be alert, all the time!
When it comes to business communication, it has never been more diverse. Post, email, telephone, website forms and social media are now all thrown into the mix.
Unfortunately, this means fraudsters can now target SMEs in an ever-growing number of ways. For example, scammers are still using post (for invoices and cheques) to con businesses.
Fraudsters will also telephone companies, often posing as a supplier, and ask for the name of a contact to whom they can send an invoice. A written request will then be sent advising you that they have since changed the bank details used to receive regular payments.
To protect your business, independently check with the company asking for its bank details to be changed, using a recognised telephone number and not the one used in the letter.
Similarly, you should never publish your business’s bank account details on your website in case the site gets cloned. Fraudsters can then change the details to their own, meaning customers could end up sending money not to your business, but straight into the hands of criminals.
SMEs should also be mindful of how they use their social media, with scammers now employing elaborate ‘phishing’ scams designed to convince social media users that their accounts have been deactivated, prompting them to “log on”.
Fake communications such as this are becoming more common and are usually delivered via email with another company’s branding and email address. However, there are easy steps you can take to tell a real email message from a fake.
You should always look out for small formatting or spelling mistakes, suspicious security certificates (secure sites should feature a padlock in the browser address bar), contrived email addresses which differ greatly from those of the company that supposedly sent the message, or unusual characters in the text.
Preparing for Phishing 2.0
With business scams becoming increasingly sophisticated, it can seem impossible to keep up to date and ensure your company is protected.
However, there are proactive steps you can take to stay ahead of the fraudsters. Firstly, make sure your staff are up to speed on all the common tactics being used and know what to do in the event of a suspicious communication being received.
Ensure any employee on the front line of communications (anyone answering the phone, collecting mail, answering emails and paying bills) is aware of the ways scammers might try to deceive them.
You should also encourage your team to update their passwords every couple of months and to use long ‘passphrases’ of random words separated by spaces, as opposed to traditional one-word passwords combining letters, numbers and symbols, to make your company’s data less vulnerable.
If you haven’t done so already, be sure to activate multi-factor authentication and password encryption software on every online account, adding an additional layer of protection.
You should also be aware that threats to your business aren’t necessarily just external. The sad truth is that sometimes threats can come from within your business (either intentional deception or innocent mistakes).
Ensure that no single person has full control over all the accounting aspects of your business and that you have graded permission protocols in place, only giving employees access to the company data they need for their day-to-day role.
Additionally, the work of bookkeepers should be checked by directors and payroll should be regularly inspected prior to payment. Make sure you also have a designated sign-off system in place for reviewing and authorising payments to suppliers, new or existing.
Unfortunately, no business is immune from falling victim to scammers and many SMEs don’t report instances of fraud due to fears about reputation damage.
However, if the worst does happen, reporting the incident is vital. By reporting the scam, you might also be able to stop others from facing the same fate.
If your business has lost money as a result of a scam or you receive a suspicious communication, report it to Action Fraud, the national fraud and cyber crime reporting centre.
To effectively safeguard your business, knowledge is power, so make sure to keep yourself and your staff informed of the latest techniques and ways to protect your business to avoid becoming a target.