The British economy loses £27 billion per year to cybercrime, according to UK Government figures, and activity in Scotland more than tripled last year.
Falling victim to cybercrime not only causes reputational damage and loss of customer information and contracts, it can also result in hefty fines from the Information Commissioner’s Office.
But there are steps that Scottish firms can take to avoid being caught out by criminals. Here are five examples of the types of attacks increasingly targeting businesses, and advice to avoid being vulnerable to them.
CEO fraud (email phishing)
This attack involves sending fraudulent emails that look like they’ve been sent by a senior employee – such as the CEO. These emails may include a link or direct the recipient to an ‘unsafe’ website. To combat this, firms need a strict process in place that enables employees to easily verify that contacts are genuine.
Fake requests, often received by post or email, which appear to be from a known individual (a customer or a supplier) typically request a change of account details. To help prevent this type of fraud staff should never rely on inbound requests like this, no matter how legitimate or familiar they appear to be. Instead, they should check they’re genuine by giving the customer or supplier a call on a known number or dropping them an email to their usual address.
Perhaps one of the most high-profile types of fraud, ransomware is malicious software that seeks to encrypt data and extort a ransom in return for its release or decryption. The majority of ransomware gets into a company’s system via dodgy emails. Making sure protection software is installed, keeping applications up to date and managing data back-ups so that files can be recovered if needed are all good ways to protect your company.
Deliberate data leakage
Sadly, it’s not just outside threats that can damage your company, but also insider attacks. There have been cases where colleagues leak data for personal financial gain. To help safeguard against this, applications can be put in place to monitor behaviour. Controlling portable storage devices, such as USB memory sticks, and limiting staff access will also help reduce the risk.
Unfortunately, criminals will always try to exploit businesses, so employees from the boardroom to the shop floor must have a robust understanding of important cyber protocols.
Ewan Kinnear is head of mid-corporates at Bank of Scotland, which is supporting the CBI Cyber Security conference in April 2020.