To be precise, UK businesses reported a total loss of £1,079,447,765 from online crime in 2015, as Get Safe Online revealed this week. This figure could be even higher, as it doesn’t include losses suffered by companies that decided not to report security incidents to the police.
Last year, Action Fraud received over 37,000 online crime reports – a worrying 22% increase from 2014. The most frequently reported crimes were:
- Mandate fraud – Cyber criminals con victims (usually finance employees) into changing a direct debit order by pretending to be the organisation they usually make payments to. This type of social engineering attack escalated last year, up 66% from 2014.
- CEO fraud – Posing as a senior manager, the criminal sends an email to a finance employee ordering them to wire money or make a payment to a fraudulent bank account.
- Extortion – The entire company network is held hostage and made inaccessible by ransomware until a fee is paid.
- Corporate employee fraud – This happens when current or former employees transfer or sell corporate or sensitive information to fraudsters. 1,440 reports were about employee fraud last year.
- Hacking – Cyber criminals intrude into the company’s system or an employee’s account to access private information.
Educate your staff to be more vigilant
Staff can be your first line of defence against attacks like fraudulent email campaigns, but they can also be responsible for inadvertent mistakes like sending an email to the wrong recipient. With ongoing education about the latest risks, how to avoid them and best practices for staying cyber secure, your staff can truly contribute to your cyber security strategy. Read more about IT Governance’s e-learning staff awareness courses.
Secure your company from external and internal attack
By adopting the Cyber Essentials scheme, your company could prevent around 80% of Internet-based cyber attacks. Such protection is a result of implementing five security controls:
- Secure configuration – Properly configure your computers and networks so that they provide only the services they are intended to.
- Boundary firewalls and Internet gateways – Monitor, identify and block unwanted traffic to your system.
- Access control and administrative privilege management – Restrict access to your most valuable accounts and files to reduce the risk of insider fraud.
- Patch management – Keep your software up to date to reduce the risk of known vulnerabilities being exploited by cyber criminals.
- Malware protection – Protect your systems from a wide variety of malware.
Getting Cyber Essentials certified can cost you only £300 with our certification service. Plus, as IT Governance is a CREST-accredited certification body, you will benefit from an external vulnerability scan of your networks and applications to verify that there are no known vulnerabilities present.