Derbyshire businesses lost more than £4 million to cybercrime last year.
New figures from Get Safe Online and Action Fraud show that from March 2015 to March 2016 a total loss of £4, 640, 847 was reported by businesses in the county to online crime. Get Safe Online and Action Fraud are now teaming up with police forces across the UK to encourage businesses to boost their security by educating staff on cyber safety at work.
They warn that mandate fraud - when a fraudster gets victims to change a direct debit or standing order by pretending to be from an organisation - is on the rise, with £283, 946 lost this way by businesses in the county.
Businesses are also urged to watch out for corporate employee fraud, which happens when workers or ex-workers obtain property or compensation through fraud, or misuse corporate cards and expenses. Meanwhile, hacking is described as “one of the main issues facing businesses.”
Tony Neate, chief executive officer of Get Safe Online, said: “The latest figures show the enormous, and quite frankly daunting impact online crime can have on a business, its reputation, its employee and even its continued operation.
“It also highlights the abundance of ways a business can be targeted, both externally, and from within. To tackle this issue head on, businesses need to review their own skills and knowledge, determine if they need outside help, and then create measures to prevent, detect and respond to potential security threats.”
Shevani Raichura, Derbyshire Police’s digital police community support officer, said: “Technology is vital for many businesses and allows us to easily do our jobs by the use of email, operating websites and working remotely. However, hand in hand with this does come an element of risk, and seeing the huge amount lost by businesses in Derbyshire to online crime in the last year, highlights how local businesses need to train their staff to spot the signs.”
Here are some top tips from Get Safe Online to help protect your business from cybercrime:
Set up structured employee education and awareness training, make sure it is conducted regularly and kept up-to-date;
Install internet security solutions on all systems, including mobile devices;
Keep all operating software, application software, mobile apps and web browsers up to date;
Set up and enforce a strict password policy for all employees and contractors;
Consider restricting access to inappropriate websites to lessen the risk of being exposed to malware, and create a policy governing when and how security updates should be installed;
Introduce rules on safe mobile working, including use of unsecured Wi-Fi hotspots, shoulder surfing and protecting devices from theft or loss.
Increase protection of your networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures;
Maintain an inventory of all IT equipment and software, including redundant systems, and identify a secure standard formation for all existing and future IT and comms equipment used by your business.
Restrict staff and third-party access to IT equipment, systems and information to the minimum required. Plus, keep items physically secure to prevent unauthorised access.
For home and mobile working, ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users.
Restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on these to help stop data being lost and to prevent malware from being installed. Have a proper BYoD (Bring Your Own Device) policy in place.
For more advice around fraud and to watch a victim’s account of romance fraud, visit the dedicated Stamp out Fraud webpage at www.derbyshire.police.uk/stampoutfraud
If you think that you have been a victim of fraud, contact the non-emergency number for Derbyshire police on 101 or Action Fraud on 0300 123 2040. Report any suspicious incidents to the police immediately by phoning 101 or 999 if the crime is in action.