How to get your team ‘fraud ready’

By Nat Campbell

When it comes to the word ‘data’, as a business owner, there are two things that will have popped up on your radar recently. Naturally, your mind may turn to the pending deadline for compliance with the General Data Protection Regulation. The other big issue? Facebook. The social network’s CEO was recently quizzed at Capitol Hill because of the Cambridge Analytica data breach. In the scandal, millions of people had their data harvested without their consent. If you search for how many people have been affected you’ll come across a number of figures, but estimates are as high as 87 million.

But if Facebook can veer off course, even with massive resources at its disposal, what are the implications of the scandal for the SME owner? The truth is, every business relies on its people, even large-scale social media goliaths. But when you don’t have an entire department dedicated to monitoring your cyber security or your online presence, it’s natural that some owners will rely on their team’s latent knowledge.

We took a look at the results of NatWest’s Safe and Secure Survey to understand the UK’s approach to online security. The study profiles the nation’s attitudes to things like creating passwords and what we share on social media. We delved into the data and pulled out the key findings to help you turn your team’s general awareness into cyber security best practice.

Would you know what to do?

The moment you realise you’ve been defrauded always comes as a surprise. But if one of your employees suspected they had been a victim of online fraud at work, would they know what to do? Would you? When it came to the topic of ‘experiencing online security problems’, the survey revealed that 22% of people wouldn’t. If this happens during an online transaction using a company credit card, for example, any hesitation could be costly.

What about setting passwords?

Are you and your employees acting wisely when it comes to passwords? When you consider that 53% of us save passwords to internet browsers and, even worse, 41% of us are using one password for multiple online accounts, it’s definitely worth revisiting. With poor password hygiene, multiple online accounts are vulnerable if a work device is lost or stolen.

Get the right antivirus software and keep it up to date

Technology gives SMEs agility. Laptops and mobile devices can empower employees to stay in touch and work from anywhere. But to avoid any weak links your cyber security chain everyone in your organisation needs to know about the importance of keeping their devices protected and up to date.

It’s common to log into your work email account with your personal smartphone from time to time. But are the devices we’re using secure? Perhaps not. Especially, when you consider that 22% of respondents to the survey didn’t know what the best security software for their device was.

Back up everything…

It’s easily pushed to the bottom of the to-do list. But if you don’t set your company devices to back up you’re skating on thin ice. We spoke to world-leading security expert Mikko Hyppönen, Chief Research Officer for F-Secure, about staying safe online. Mikko is known for his TED Talks as well as appearances in the international media.

His charismatic advice leaves us with no illusions about just how devastating a cyber-attack can be – and the importance of having a contingency plan. “Back up. Back up your computer. Back up your phone. Back up your tablet. Back them up so you can recover them even if your house burns down. And then take a backup of your backup”.

Are we oversharing on social media?

Finally, we come to social media. The aforementioned data breach has implications for our personal data, certainly. But the information we share on our personal accounts can impact our business’ reputation as well as our own.

We asked Mikko Hyppönen about how we should approach sharing information on social media. His advice makes things crystal clear. “Never post anything online that you wouldn’t mind seeing posted on the cover of a newspaper. Even if you think your post is not visible to everyone, it could very well be.”

If you only read one section of this article, read this

Finally, we come to the five key takeaways that you can use as a blueprint for revisiting your team’s online habits.

  1. Get your team fraud ready. Have the phone number for your company’s bank in a place that everyone knows about.
  1. Revisit your teams approach to setting passwords. You should avoid using personal information or the company name – anything that would be easy to guess. Passwords shouldn’t be written down or shared and should be changed often.
  1. Make sure all company devices have the latest updates installed as well as the necessary antivirus software. Encourage your staff to do the same with their personal smartphones too.
  1. Back up everything. Cyber attacks can be devastating. Your hard-earned company data could be lost forever if you keep all your eggs in one basket.
  1. Whether it’s the company’s account or your team’s personal accounts, be careful what you share

Nat Campbell is a copywriter in the Financial Services industry and online business owner