Don’t make it easy for cybercriminals
Most businesses will have suffered some form of cyberattack, even if it is not always immediately obvious that such an attack has taken place.
PwC’s 2020 Irish Economic Crime and Fraud Survey found that more than two third of the businesses surveyed had reported at least one instance of cybercrime. One of the most remarkable findings of the survey was that Irish businesses were twice as likely to have suffered a cybercriminal attack as the global average.
This was despite the fact that Irish businesses were much more likely than their international counterparts to have a dedicated programme to manage cyber risks.
Working from home can leave employers and staff particularly vulnerable to cyberattack from criminals using video conferencing software to access laptops and other devices.
Spotting the tricks of the trade
With large scale home working set to continue for the foreseeable future, it is important to be aware of the tactics used by cybercriminals. It is not possible to prevent every external fraud attempt, so employee awareness is just as important as technology.
A common tactic is for a criminal pretending to be the managing director to send an email to an employee asking them to make a payment or transfer money. It is relatively easy to ‘spoof’ an email address so it looks like a genuine request.
Such requests are usually targeted at assistants rather than senior staff, so these individuals need to be made aware of how cybercriminals work and encouraged to report any concerns they might have.
Think before you act
When put under pressure, people do things they would not otherwise do. One of the favoured tactics for scammers is to make it sound as though their request needs to be acted upon on immediately, not giving the recipient time to consider whether it is suspicious or act on that suspicion.
A data breach response plan will set out what employees should do if they suspect cyber fraud. This is particularly important for businesses that manage customer data as they will have specific obligations under the GDPR.
Other obvious steps include making sure passwords are regularly changed and secure, and managing email. The typical inbox contains loads of data and personal information that can be used by fraudsters to create false profiles.
Clarity in the cloud
The cloud has revolutionised financial management for small businesses. Cloud-based accounting packages such as Big Red Cloud can be accessed anytime, anywhere, making it easier than ever to stay on top of income and expenditure.
But as with any outsourced service, you need to know what will happen in the event of a cyberattack and understand the recovery plan your provider has in place should anything go wrong, which should be set out in your service agreement.
Finally there are the measures that should be undertaken regularly, such as ensuring antivirus software and firewalls are updated regularly and software updates are installed as soon as they are released. Don’t make it easy for the criminals.