At the event PSNI Detective Constable Sam Kincaid presented some concerning results of a 2017 survey of UK businesses. It revealed that at least 46% of businesses have had at least one security breach in the past year and 43% have suffered loss of files and/or corruption of systems. According to Constable Kincaid, typical reported incidents in Northern Ireland range from CEO impersonation and blackmail with ransomware to network intrusion and mandate fraud. Losses from such breaches can run into tens if not hundreds of thousands of pounds.
Also speaking was Dave Rose, Chief Information Security Officer, Fujitsu (NI), who warned that while the threats continue to evolve and become more sophisticated, recent analysis by Fujitsu of real-world cybersecurity threats has identified that the most significant threat is the failure of companies to keep up with basic IT security processes.
Assess the Risk
The first step any organisation should take is to conduct an information security and risk assessment. By analysing their infrastructure through such an audit, companies can allocate resources according to the potential impact on their business, whether it’s upgrading the network, switching applications, improving storage or placing tighter controls on data access. Businesses should seek to continually improve their resilience to cybercrime by applying security risk assessments to the people, processes and technology that need to be brought up to speed, and so help prevent security gaps creeping in.
Eight steps
CIMA recently published a report entitled Keeping Business Clean to provide information on how to crack down on hacker scams such as executive impersonation, where fraudsters dupe unwitting staff into transferring money from company accounts.
Eight steps to fight the fraudsters are included in the report:
- Leadership – Businesses are encouraged to establish an anti-fraud policy, and engage the board in talking to staff, customers and suppliers.
- Identify key risks – Check how fraud might happen in your company, such as through written-off stock or budget over-runs.
- Promote anti-fraud culture – Speak from the top. Executives should let staff know they have a strong process for weeding out scams. Employee reward schemes can also reduce attempted deception in companies.
- Develop anti-fraud controls – Put extra checks on admin procedures, such as a second signature, or avoid giving authority for a job over the phone.
- Encourage whistleblowing – Retain the employee-manager route for addressing initial concerns, but give staff access to free confidential advice, and discretion when raising concerns.
- Develop a response plan – Plan for fraud before it happens. The fraud itself might be outside your control, but how you respond is within your gift, from reporting lines to a PR strategy.
- Harness technology to fight fraud – The better the technology at your disposal, the easier it may be to spot fraudulent behaviour before it’s too late.
- Develop or improve internal controls – Ensure invoices are linked to purchase orders, and remove as much paperwork as possible, in favour of electronic systems.
As well as the financial damage from a fraudulent act, corruption costs both the business affected by the initial crime and the supply chain too. The role of accountants and finance professionals in detecting, uncovering and preventing corrupt practices in organisations is critical.