Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action.

This week: The link between your cybersecurity and your future sales opportunities, and numerous insights from a recently-published fraud survey by Bank of Ireland. I had to spend some time in the Headspace app after reading some of the findings.

This week’s action: Prepare your people, because they play a key role in the most common cyber-attacks.

THREE ARTICLES

  1. You may be small. But if you have big clients, you are a big target and a big risk.
    “Why [would criminals] work hard to compromise 500 companies separately when [they] can compromise just one and send fraudulent invoices to 1,000?” When you are a small business with large clients, you may not realise how valuable you are to cyber-attackers. But think about it: You are trusted by your clients and yet you may be an easy target for cyber-criminals because you do not have the layers of security that your clients have. You may be your clients’ weakest link. At some point, your clients are going to start asking you about what you are doing to strengthen that link. If your clients are regulated financial services firms, they are already under pressure from their regulator to address this. This area of supply chain risk and third-party risk management (TPRM) is an increasingly hot topic. Your clients are becoming far more concerned about how their business partners (e.g. your firm) are protecting themselves. They are seeking an increasingly detailed level of evidence to prove that you are not a weak point. Cybersecurity will help protect you from losing money to cyber-criminals. But it may also protect you from losing money to competitors who are dealing with this more effectively than you are. You will need more than the basics to show your clients that you are not a risk. (If you want to discuss ways to prove to your clients that you are not a risk, register for a FREEin45 session.)
    (Read more: https://www.teiss.co.uk/four-ways-cyber-criminals-will-adapt-their-email-attacks-in-2021/)
  2. One-in-three Irish businesses targeted by cyber-criminals, with email the most common method and bogus payment requests being the most common scam
    According to a survey by Bank of Ireland, “one third of Irish businesses have been targeted by fraudsters in the past 12 months”. The most common method used was an email to a staff member, with the most common scam involving a fake invoice (with amended bank details). The average loss was just under €4k. Only 23% of victims reported the fraud to their bank and fewer than half reported it to the Gardaí. There’s nothing sophisticated about these attacks. And there’s nothing sophisticated about the steps you can take to defend yourself against these attacks. First, as the Head of Fraud in BOI says, “Never send money somewhere just because you were asked to do so in an email .. Always pick up the phone to a known contact and double check that a request is legitimate”. Second, if you realise you’ve made a payment to the wrong account, notify the Gardaí and your bank immediately. They may be able to reverse the payment before the fraudster gets their hands on your money – after all, they see this fraud every day. (To learn more about these steps, take a look at my guide to the basics.)
    (Read more: https://www.irishtimes.com/business/financial-services/scammers-hit-third-of-irish-businesses-in-past-year-survey-finds-1.4516205)
  3. Not only are they criminals – They are also scum.
    A reminder that cyber criminals are not ordinary decent criminals. They will attack anyone if there’s the chance of a payoff, even hospitals.
    (Read more: https://www.rfi.fr/en/france/20210311-third-french-hospital-immobilised-by-cyberattack-and-ransom-demand via https://www.ncsc.gov.ie/news/21-03-12/)

TWO STATISTICS

  1. 60%: The percentage of Irish businesses who were victims of fraud or attempted fraud in the last 12 months that did not report it to the police, according to Bank of Ireland’s survey. This is very interesting. Why did the majority of victims not report? Did they believe the police aren’t interested or cannot help? Were they too embarrassed? Does it also suggest that these firms were not insured against such losses, given many policies require the crime to be reported before a claim can be processed?
    (Read more: https://www.irishtimes.com/business/financial-services/scammers-hit-third-of-irish-businesses-in-past-year-survey-finds-1.4516205)
  2. 75% vs 25%: Staying with the BOI survey, just under 75% of businesses believe they have adequate safeguards but only about 25% have trained staff on business fraud in the last 12 months. In other words, at least two-thirds of the businesses that believe they have adequate protection are relying on staff who do not know they are the prime target of cyber-attackers. I’m speechless.
    (Read more: https://www.irishtimes.com/business/financial-services/scammers-hit-third-of-irish-businesses-in-past-year-survey-finds-1.4516205)

ONE ACTION – If you do only one ‘cybersecurity’ thing this week, do this.

  1. Prepare your people

    Email is the most common method of attack, and a bogus payment request is the most common scam. How do they succeed? Because your staff are fooled by them.

    If you do not regularly communicate with your staff about how they play a key role in the success of the most common cyber-crimes (and if you don’t test the effectiveness of your training and their awareness), you are missing a simple but very effective layer of protection.

    There are many training platforms and options out there, or you can start with a DIY solution using some of the key points I mention in my guide to the basics.

    Do something, and start now.