
Cyber security and fraud: protecting your business for the future


April 2018

In 2016, the UK lost £2 million each day as a result of financial fraud [1], and the threat of cyber fraud is growing year-on-year. Andy Simpson, Head of Specialist Client Solutions at Barclays, shares some tips to help protect your business.

Cyber fraud can result in major financial losses, and data breaches have the potential to profoundly damage trust in a company; fraudsters monetise stolen information by selling it on online, and the impact this has on businesses' reputations can be severe.

This is why it’s so important that the future workplace is alert to, and protected against, these threats.

Social engineering

The threat of cyber fraud can seem a difficult one to combat. However, it’s important to remember that most cyber fraud attacks depend heavily on human interactions – fraudsters have long identified that the easiest way to breach an organisation’s defences is to target its people, not its systems.

Social engineering is the method by which fraudsters aim to trick people into breaking normal security procedures. Fraudsters are usually looking for the victim to give up sensitive information, such as bank login details, or for them to enable malicious software to be installed onto their device. They may also trick the victim into carrying out a fraudulent payment themselves.

In social engineering cases, fraudsters often have thorough knowledge of the company, which enables them to build trust with the victim. They may be aware of regular payments that are due or of the structure of teams within the company, enabling them to impersonate employees.

The most common forms of social engineering for businesses are:

For international clients, invoice fraud and email scams are a key threat, with fraudsters hacking email accounts and altering bank account details on invoices.

Ten steps to help prevent cyber fraud

  1. User education and awareness: educate all of your employees about the potential channels cyber fraud may take, regardless of their level or role
  2. Network security: avoid connecting to untrusted networks
  3. Monitoring: constantly monitor inbound and outbound traffic
  4. Malware protection: ensure you have the most up-to-date version of your chosen software
  5. Information risk management: embed an information risk management regime across your organisation
  6. Incident management: establish an incident response and disaster recovery plan
  7. Managing user privileges: manage the access your employees have to programmes and spend/approval thresholds
  8. Secure configuration: remove or disable unnecessary functionality
  9. Home and mobile working: protect data using an appropriately configured virtual private network
  10. Removable media controls: limit removable devices such as USB drives.

(Source: National Cyber Security Centre)

Protecting your business from cyber fraud

In 2016, £1.35 billion of attempted fraud was prevented – that’s the equivalent of £6.40 in every £10 of attempted fraud that UK banks have stopped [2].

Different scams can be combatted in different ways.

As an example, CEO impersonation fraud has become easier due to the growth of social media. Criminals can easily find personal details of senior employees online – for example, when they are out of the country – and use this information maliciously.

This means that an important mechanism to prevent CEO fraud involves being careful about what information is made available online.

To combat invoice fraud, you should always confirm requests from alleged suppliers or distributors via a known contact number.

If anything feels suspicious, take five and make sure you confirm any requests with a known contact. Fraudsters can email you from addresses that look very similar to those of a known contact; be aware of this and consider phoning your contact on a trusted number.
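One way a mail filter or finance-team script could flag sender addresses that nearly match a trusted contact, as an added example that is not part of the original article. The contact list, the sample addresses, the substitution table and the function names are all assumptions constructed for illustration.

```python
# Added example: flag sender addresses that nearly match a trusted contact.
# KNOWN_CONTACTS and every address used here are constructed placeholders.
KNOWN_CONTACTS = {"accounts@acme-supplies.example", "ceo@ourfirm.example"}

# Digits that are commonly substituted for look-alike letters (assumed table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(addr):
    """Collapse visually confusable characters so 'acrne' and 'acme' compare equal."""
    return addr.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(addr, known=KNOWN_CONTACTS, max_distance=2):
    """Return ('known' | 'lookalike' | 'unknown', matched contact or None)."""
    addr = addr.strip().lower()
    if addr in known:
        return ("known", addr)
    for contact in sorted(known):
        near = edit_distance(addr, contact) <= max_distance
        if near or skeleton(addr) == skeleton(contact):
            return ("lookalike", contact)  # hold for call-back on a trusted number
    return ("unknown", None)  # no near match; still not proof the sender is genuine


if __name__ == "__main__":
    for sender in ("accounts@acme-supplies.example",
                   "accounts@acrne-supplies.example",
                   "ceo@0urfirm.example",
                   "billing@new-vendor.example"):
        print(sender, classify_sender(sender))
```

A "known" result only means the address string matches; a compromised mailbox sends from the genuine address, so changes to bank details still need confirming by phone on a trusted number.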

Digital attacks

A key method of cyber fraud is transferring malicious software – ‘malware’ – to your device, in order to disrupt your technological operations and access confidential information.

Malware can be installed into your computer through clicking a link in an email, opening an attachment to an email, using a removable device (such as a USB pen), or by downloading software from a malicious source.

Two prominent forms of malware are:

  • Trojans: Trojan programs are a type of malware that enter your computer on the back of other software. They act as back doors to the computer, granting a fraudster remote access. Once inside your device, a trojan can give a stranger access to your personal details by taking screenshots or capturing keystrokes
  • Ransomware: Ransomware enables a fraudster to gain control of your system in order to encrypt your files, demanding a fee to unlock them. Without the decryption code, it is very unlikely that you will be able to access your files again. The risk of ransomware is one of the crucial reasons why companies should back up their information and keep it on a separate network.

In May 2017, there was a significant global cyber security attack dubbed "the biggest ransomware outbreak in history" [3].

The attack, dubbed WannaCry, used hacking tools believed to have been developed by the US National Security Agency, and more than 300,000 computers were infected – hitting the NHS, and international shipper FedEx, with widespread impacts to Russia, Taiwan, Ukraine and India [4].

Keeping software and operating systems up-to-date is even more important to protect against ransomware and mitigate the risks.

The impact on the NHS from WannaCry would have been significantly reduced if their operating systems had been patched, and it recently emerged that tech companies, including Apple, have been racing to fix the Meltdown and Spectre bugs, which could allow hackers to steal data.

Network attacks – emails are an unsecure channel

Another form of cyber threat is a network attack. This is when a third party intercepts communications sent over an unsecured network.

Emails are the main communication method for most companies, yet it is often forgotten how unsecure the communications can be. An email can be thought of like a postcard – it can be read as it moves across networks.

It’s important that sensitive information is sent over encrypted networks. Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser.

For more information, visit:

  • https://digital.wings.uk.barclays/for-everyone/ - our platform to educate all staff members in all things digital. Please log on and complete the cyber security module to enhance your understanding
  • www.cyberaware.gov.uk – HM Government site – Be Cyber Aware is a cross-government campaign funded by the National Cyber Security Programme
  • www.ncsc.gov.uk – working with partners across industry, government and academia to enhance the UK’s cyber resilience
  • www.actionfraud.police.uk – the UK’s national fraud and internet crime reporting centre

Please note that this article is not a comprehensive guide to cyber security and keeping your and your customers’ information safe. There can be no replacement for having the expertise of a cyber security professional and regular testing of systems and networks. We always recommend seeking out professional expertise to ensure you are compliant with all legalities and requirements from a data protection perspective.

[1] According to official figures released by Financial Fraud Action UK (FFA UK) on 16 March 2017
[2] Financial Fraud Action UK: Fraud the Facts 2017
[3] Mikko Hypponen, chief research officer at the Helsinki-based cyber security company F-Secure
[4] According to Czech security firm Avast

    Contact Us

    If you have any questions or concerns about fraud contact us:

    0330 156 0155 / 0800 056 4890*