Cybercrime is an increasing menace to business and SMEs are prime targets for online criminals. With fewer resources than large companies, smaller organisations are seen as easier targets for attack by hackers, online fraudsters and other cybercriminals. While online threats are an increasing problem for organisations, they should also remain vigilant to traditional threats.
Recent fraud attacks on some of the largest and best known businesses such as high street banks shows that perpetrators are becoming more audacious in their approach. Prevention is better than cure but, as well as knowing how to protect themselves in the first place, business should also know what to do in the event of a fraud attack.
Preventing Fraud Attacks
There are a number of areas where businesses may be vulnerable to fraud including through their online operations. However, in a world fixated on all things technology related it is easy to forget some of the basics.
The greatest vulnerability many businesses face is through their workforce where a great deal of trust is required. Most of the time this is a business’ greatest strength but those businesses that fail to carry out basic background checks before employing someone leave themselves vulnerable. Employee screening should include checking individual identities, verifying qualification on CVs and collecting references.
Even trusted employees can create vulnerabilities if there is systemic weakness or a lack of oversight. Therefore, internal systems and processes should be audited for risk factors including online operations. Training employees to comply with internal policies such as know your customer (KYC) and money laundering regulations for example, and implementing email and internet guidelines can significantly reduce the risks of fraud.
In the Event of a Fraud Attack
Fraud attacks are not typically acute in their manifestation rather they usually take place over a period of time before being discovered. That is why it is important to implement robust systems in order to help prevent fraud as well as detect fraud when it does occur.
Upon discovering fraud there are two distinct legal processes that can be implemented, one criminal and the other civil. In simplified terms, the criminal law will punish the fraudsters while the civil law can be used to try and recover any losses that have occurred.
Organisations should always seek immediate legal advice upon discovering fraud as speed is of the essence. Civil orders such as freezing injunctions can help prevent assets from being transferred as they can be granted without alerting the fraudster. Meanwhile disclosure orders and search orders can help locate assets that have been misappropriated. These remedies can often be obtained more quickly and efficiently than the police can act.