Fraud and cybercrime are both areas of increasing concern to businesses and individuals alike. While cybercrime is attracting more of the headlines, you should remain vigilant for both.
Fraud is wrongful or criminal deception intended to result in financial or personal gain, and it encompasses a wide set of activities. Cybercrime is any criminal act enabled by a computer or similar technology; as such, it might include theft of intellectual property, identity theft, online bullying and many types of fraud. There is therefore a significant overlap between the two.
The statistics on the potentially huge cost of fraud to the UK economy are sobering. Studies show that not only has the total cost of fraud been growing, but also that the number and complexity of frauds has been increasing and that frauds are impacting on businesses of all sizes.
The Office for National Statistics estimated that there were 5.8 million incidents of fraud and computer misuse in the 12 months to March 2016 with two-thirds identified as fraud. Action Fraud is the UK’s national reporting centre for fraud and cybercrime. This centre reports that fraud affects 1 in 4 small businesses every year, fraud losses to SMEs were estimated at £18.9 billion last year, and that 70% of frauds are cyber-enabled.
While it is not possible to completely eliminate your business's exposure to fraud, there are a number of key points that every business should consider in order to minimise its exposure.
- Install good anti-virus protection and use a firewall.
- Consider email and web filters including targeted threat protection.
- Ensure all software is kept up to date.
- Make sure you have a disaster recovery plan.
- Consider penetration testing.
- Call in an outside expert to carry out a cybersecurity risk assessment.
Other internal financial systems:
- Do not allow sharing of log-in details for accounting or banking systems.
- Carry out an audit of assets exposed to fraud and ensure controls are in place over these.
- Maintain and update a full systems and controls manual.
- Split responsibilities so no sole individual can initiate, record and approve transactions.
- Implement a fraud response plan.
- Be alert to changes in employee behaviour such as missing holidays, staying late at work, and messy record keeping.
- Register with Action Fraud Alert and with any regional or industry-based fraud network.
- Understand the latest frauds, as published by Action Fraud and various police forces.
- Make sure staff are well trained – most system breaches arise from user error.
- Use common sense: If something seems too good to be true, it probably is.
The Government has recognised the problem. Notably, against the tide of spending cuts, the Chancellor, Philip Hammond, signed off a £1.9 billion National Cyber Security Strategy. However, there remain enormous challenges for the stretched resources of the police and regulatory authorities and, given the nature of cybercrime, identifying the fraudster will on occasion remain difficult or impossible.
There can be no guarantees with any defensive steps taken, not least because fraud and cybercrime are constantly evolving. However, there is no alternative but to take preventative measures.
One of the more remarkable facts about fraud is not how sophisticated it can be, but how unsophisticated it often is. In many instances, the fraud is committed by a trusted individual in a company; sometimes it is even obvious who. A good forensic accountant can often very quickly narrow down a field of possible suspects based on knowledge of who has access to what, and when.
Unfortunately, there are no easy answers to fraud and cybercrime, but there is one necessary action: Vigilance.
If you would like further information on the above, please contact Tom Wacher, Director of Forensic Accounting at Kreston Reeves by phoning 0330 124 1399 or emailing him here. Kreston Reeves will also be holding a joint event on countering the threat of fraud and cybercrime on Tuesday 13 June 2017.
To register your interest in this event and receive full details, please email firstname.lastname@example.org.