IT

Do you have an IT support team? If not, current risks make it worthwhile outsourcing to experts. Good companies will put in place security measures that avoid some of the worst risks and will be able to help you if you do get into problems. However, your IT managers are not the right people to audit your IT risks. That needs to be done by an independent review; after all, it is not in your usual team’s interests to expose any problems.

Security is constantly improving to keep up-to-date with the fraudsters. Two-step authentication is now standard and is a security must (it’s where users are asked for text verification or something similar, not a single password). Biometrics (finger printing, iris scanners etc) are becoming increasingly common as they give customers heightened security without being an irritation. It’s a key logon method we use at Amaiz. 

It is worth following police and other official bodies on social media as they will often give early warnings on new scams. 

If you do get hacked, employ specialists to help you (if you don’t have them already). If you can, immediately isolate the problem by disconnecting any affected devices and closing cloud accounts. Change all your passwords.

Public WiFi

I know it’s convenient and very tempting, particularly when you have a bad signal and need to send that document urgently. However, you would be shocked at how easy it is to set up a very convincing WiFi that steals your passwords and bank details. If you have to use public WiFi make absolutely sure you have the right one; it will be printed on official boards or on the menu. Don’t do what so many people do and use the one that ‘looks right’ or ask a ‘friendly’ customer. Scammers are very helpful when it comes to giving out WiFi passwords!

If you think you’ve logged into a suspicious account, disconnect immediately, get onto safe WiFi as soon as possible and change all your passwords, particularly your bank ones. Alert your bank to the risk.

Working from home

The government has sent us back home again. It’s likely that most of us will be working, from home into next year, for at least some of the time, and possibly beyond. That creates new security risks for your business.

Make sure you and all your employees are trained on IT security and that you treat it as a priority. You will need to regularly remind employees of the security basics, such as installing updates, having secure passwords and changing passwords on their internet hub. It is worth forcing some of these issues. For example, your systems can make the regular updating of passwords mandatory. However, there are also social risks, particularly for employees sharing houses with others. Do you keep data on customers or other sensitive data that might be accessible to others?  

Don’t let employees use their own devices unless they have the same level of protection (i.e. anti-virus software) as company owned devices.

You want employees to alert you immediately if they think there has been a security breach, so avoid penalising them if it happens, as that will encourage others to keep quiet. Instead, do everything you can to encourage employees to take this seriously with preventative measures.

Social Media and Website Security

Do you know who is able to make changes to your website? When was the last time you checked who can post on your social media?

You should have a list of all the people who have access and change the passwords (and remove access) every time someone leaves. If you don’t, one of them could have a few too many drinks one day and have some ‘fun’ at your expense. That can be highly embarrassing, or far worse, you might be forced to hand over large sums of money to take back control of your assets or end up inadvertently facilitating fraud committed on your customers.

Our PR agency recently checked, and they (and their ex-employees) still have access to the LinkedIn accounts of a number of clients from five years go or more; so it is really common for companies not to manage this as they should. Don’t assume it’s okay, check today. That’s a phrase to live by when avoiding fraud.

Bank Details 

Now, more than ever, it is very easy to sit tapping away at our computers, without ever actually having to speak to anyone. This is another aspect of COVID-19 that the fraudsters love as it is far easier to pretend to be someone you’ are not on e-mail than it is over the phone. E-mails scams can be really sophisticated. The e-mail can appear to come from someone you know or work with; they can even be written in a language and style that someone you know would use.

Fraudsters, pretending to be a supplier, will ask you to change their bank details, or pretend to be an employee asking for their expenses to be paid quickly into a different account due to a problem. The only way to avoid being caught out is to ALWAYS check by phone if you get an e-mail asking to do either of the above.

Supplier and Customers

Check out potential customers and suppliers before you start working with them. Check for CCJs (County Court Judgements - meaning they’ve failed to pay, even when told to by a court). Put their phone number into Google and see what comes up. Often this will tell you quite a bit about the business, such as other businesses that are run from the same number. Don’t trust perfect reviews. Very few people review a company unless they have a problem. I assume that 5-star reviews are probably fake (particularly if they are very similar) and look for the less than perfect reviews.

Does the company respond to criticism, and how long does it take them? Do they attempt to solve the problem, or do they get emotional and defensive, even aggressive? If the above research suggests that a potential customer or supplier is untrustworthy you should consider whether you want to enter the relationship and if you do, under what terms. You might keep a customer, for example, but ensure they pay up front. With a supplier you will want to check on delivery before you transfer any payment and be extra vigilant on keeping records. 

Cold Callers

Scammers have been trying it on with most of us over the phone during the lock down. Some you will spot a mile off. Others can be so convincing that it is very easy to get sucked in. Unless you recognise someone’s voice, don’t trust them. If the caller seems legitimate, but they ask you for any sensitive information, tell them you will phone them back (take their name). Then find the official number, from an invoice or the website, and call that before giving out any personal information. It is important to make sure you use a different phone as the fraudsters will often stay on the line and pretend to answer your call.

The more pressure a caller tries to put on you to pay them immediately, the more likely it is that they’re a scammer. That includes threatening prison or huge fines. Of course, if you already know that you’re behind with an invoice or with HMRC, it is more likely to be legitimate, but you’ll then know the correct amounts and it is still essential to call back. It is very easy to intercept a phone call so a fraudster may already know your exact situation and use this to their advantage.

Tell people you work with if you get a suspicious e-mail or call, the caller might well target other people at your company.

Phishing/Smishing

This is where you receive an email or text which pressures you into clicking a link. It is extremely quick and easy to clone a phone number, so don’t be reassured if a message appears in the same thread as genuine texts. Because three legitimate messages from your bank are followed by a new message sent from the same number into the same conversation, it doesn’t offer additional security.

Treat every text as if it is suspicious. Do not ever click links in messages. Instead, log onto the website securely where any legitimate communication will be waiting for you.

Action

With any financial fraud, tell your bank immediately. They can sometimes put a stop on the money being transferred or even trace it back.

Report the fraud to the police, however petty. This will give you a crime number for your insurance and will help the police build understanding to prevent others falling victim to the same scam. It is also worth telling the organisation that the scammer was pretending to represent them. This helps them protect customers in the future.

In summary, don’t make life easy for fraudsters, put in place the essential basics as described above. However, if you do become a victim, don’t be embarrassed about telling people. Fraudsters are very clever, they make a career out of this and become very good at it. Even the most astute people can fall victim to fraud. It is nothing to be ashamed of and taking quick action can often reduce the impact of the scam.

If somebody broke into your house you wouldn’t question whether you were to blame, think of fraud in the same way!