Businesses in Northern Ireland lost more than £2 million to online crime last year. Figures from Get Safe Online and Action Fraud show 247 cases were reported, with total losses amounting to £2,152,343 between March 2015 and March 2016.
Police believe the overall losses could be higher, as these figures do not take into account the amount potentially lost by businesses that choose not to report online crime to the police.
Detective Chief Inspector Douglas Grant, from PSNI Cyber Crime Centre, said: “While these figures are below the national average, they are a cause for concern and they highlight how local businesses need to train their staff to spot warning signs.”
Nationally, online losses last year amounted to £1 billion with 37,000 cases reported – a 22 per cent increase. On average, each police force in the UK recorded over £19 million in losses by businesses in their area.
The internet security awareness initiative Get Safe Online believes businesses need to do more to ensure staff have appropriate online fraud awareness training, so that everyone understands their role in keeping the business secure. A substantial amount of attempted fraud against businesses is successful due to lack of knowledge or sloppy habits by employees.
Online crimes businesses must watch out for:
Business email compromise is becoming an increasingly worrying issue for businesses. This occurs when a fraudster gets victims to change a direct debit or standing order by pretending to be an organisation a victim makes regular payments to, for example, a business supplier or subscription service. It’s an extremely targeted approach, with 30 cases reported in Northern Ireland alone in the last year, and £768,115 lost to it by businesses in the area.
Corporate employee fraud – where employees or ex-employees obtain property or compensation through fraud, or misuse corporate cards and expenses – is also on the rise, with 15 cases recorded in 2015-16 and £242,002 lost by businesses in Northern Ireland. Its position in the top ten most reported crimes by businesses across the UK in the last year demonstrates how fraud is not just an external threat, but can also affect a business from the inside. It is therefore vital for all businesses to provide their staff with the right tools and training to be able to identify signs of fraud or suspicious activity before it’s too late, as well as having guidelines in place on whistleblowing.
Hacking is another major concern. A fraudster can hack into a business’s server, an employee’s personal computer, or access email/social media accounts to obtain private information. In its various forms, hacking is one of the most widely reported types of fraud in the UK over the past 12 months, with 1,314 reported cases. Other types of fraud committed against specific industry sectors such as retail and insurance also accounted for a substantial proportion of crimes reported by businesses, owing mainly to the typical transaction values involved.
Retail fraud – defined as fraud committed against retailers through refund fraud, label fraud or when goods are ordered with no intention of paying – has risen by 71% from 3,559 cases reported in 2014-15, to 8,163 cases last year. Specifically, Northern Ireland saw 22 reported cases, making this one of the most reported types of online crime.
Although it is still one of the most widely reported crimes affecting businesses, reports of Cheque, Plastic Card and Online Bank Accounts Fraud decreased by 21% nationally in the last year. A reported £59,439 was lost to this in Northern Ireland in 2015-16.
Tony Neate, CEO of Get Safe Online, said: “These latest figures show the enormous, and quite frankly, daunting impact online crime can have on a business, its reputation, its employees and even its continued operation. It also highlights the abundance of ways a business can be targeted, both externally, and from within. To tackle this issue head on, businesses need to review their own skills and knowledge, determine if they need outside help, and then create measures to prevent, detect and respond to potential security threats. It’s all about education, and staff must be aware of this plan and trained where necessary.
“With new data regulations in place, we’ll see more and more businesses in Northern Ireland start to report online crime and realise that the right staff training can go a long way to helping prevent this growing problem.
“We recommend all small businesses visit the Business section of the Get Safe Online website: https://www.getsafeonline.org/”
DCI Grant said: “Business people in Northern Ireland are vulnerable to leaving themselves exposed to fraud if they fail to take simple steps to protect themselves.
“Any business, regardless of size, should be signed up to the Cyber Essentials scheme to ensure they have basic protection in place. Cyber Essentials is a government funded initiative to provide certification and verification that basic cyber security measures are in place.
“We would also encourage companies to join CISP, the Cyber Information Sharing Partnership. This is another government run and funded initiative providing a secure platform for business and industry to share threat information, mitigation tactics and also for law enforcement to issue key threat and alert guidance.
“Any business can also go to the PSNI website www.psni.police.uk and log details about cybercrime. This facility is solely for the business community.”
Get Safe Online recommends that all businesses ensure that at least the following basic measures are in place to protect their organisation from online crime:
- Set up structured employee education and awareness training, and make sure it is conducted regularly and kept up to date.
- Install internet security solutions on all systems – including mobile devices.
- Keep all operating software, application software, mobile apps and web browsers up to date.
- Set up and enforce a strict password policy for all employees and contractors.
- Consider restricting access to inappropriate websites to lessen the risk of being exposed to malware, and create a policy governing when and how security updates should be installed.
- Introduce rules on safe mobile working, including use of unsecured Wi-Fi hotspots, shoulder surfing and protecting devices from theft or loss.
- Increase protection of your networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures.
- Maintain an inventory of all IT equipment and software – including redundant systems – and identify a secure standard formation for all existing and future IT and comms equipment used by your business.
- Restrict staff and third-party access to IT equipment, systems and information to the minimum required. Plus, keep items physically secure to prevent unauthorised access.
- For home and mobile working, ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users.
- Restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on these to help stop data being lost and to prevent malware from being installed.
- Have a proper BYOD (Bring Your Own Device) policy in place.
Comprehensive expert, impartial, practical, free advice can be found at www.getsafeonline.org/business
If you think you have been a victim of fraud, you should report it to Action Fraud, the UK’s national fraud reporting centre, by calling 0300 123 20 40 or by visiting www.actionfraud.police.uk. For further advice on how businesses can stay safe online, go to https://www.getsafeonline.org/