Protecting your business against scams

Fraudsters and scammers come in many disguises. They might include: 

 

They use many different tools and techniques to sound plausible and convince you to take a seemingly innocent step. That’s all they need to steal your money, hijack your business and damage your reputation. 

 

To minimise the continuing risks of cybercrime, make sure all your employees use strong passwords for all their devices and applications. They should be at least 15 characters long and use a mix of upper- and lower-case letters, numbers, and symbols. You should have a policy to change passwords regularly (at least quarterly). Use multi-factor authentication (MFA) on employee devices and apps so they must add an additional code before accessing sensitive information. To protect your business in case the worst happens also contact your insurer to confirm you have adequate cyber insurance. 

 

1. Become suspicious. If you’re contacted about an exceptional opportunity, scepticism is good. Anyone making a genuine business proposal won’t mind if you ask for detailed information, documents and references. If what they’re offering sounds too good to be true, it probably is. 

 

2. Have a clear picture of ‘normal’ operations. Clear financial systems and processes help you monitor all your business operations. Make sure you know who you employ, what they’re entitled to do and how. Have written policies about your legal and regulatory requirements and best practices. Make sure you review things regularly so any discrepancies are quickly noticed. 

 

3. Understand your customers and suppliers. Scammers are very good at appearing legitimate. They might send emails or text messages, for example, that appear to come from a trusted source. Make sure everyone in your team knows they should check any unusual communications, such as requests to change bank details. 

 

4. Review vulnerabilities. It’s difficult to imagine how a scammer might attack your business because you don’t have a criminal mind. However, you can review your internal and external systems to minimise risks. This could include making sure people can only access or change information they need for their job. If you’re unsure about your IT security consider bringing in experts to review your systems and make recommendations. 

 

5. Discuss risks openly. Many successful scams rely on human errors such as using links in emails or texts. Make sure everyone is regularly reminded to only access links through a separate browser and to check if they are legitimate. If necessary, encourage your team members to call the person or company that appears to have sent the message. 

 

6. Use backups. Ransomware attacks are common. They can stop you accessing key information or even shutdown all your business systems. Paying the ransom won’t always solve the problem. The best solution is regular and secure back-ups that can restore your systems and data if this happens. 

 

7. Maintain clear financial procedures. To manage your risks effectively make sure your financial processes are clear and controlled. This might include how you verify, authorise and make business payments and who has access to financial and accounting systems. Make sure your bank statements are reconciled frequently so inconsistencies are noticed quickly. 

 

8. Look after your physical assets. Business equipment, computers, smartphones and intellectual property all have value. Make sure your business insurance covers them for cyberattacks, theft and fraudulent use. Keep accurate inventories so any missing items are identified. 

 

9. Have an emergency plan. While you might hope to avoid the attention of scammers make sure you’re prepared. Create an action plan so you can respond quickly to minimise the damage caused by a scam. 

 

10. Report scams. Action Fraud is the UK’s reporting centre for all types of fraud and cybercrime. If you’re the victim of an attack or think you have been targeted report it to the Police by calling 101.