In a recent webinar hosted by qualifications provider the London Institute of Business Finance, Detective Sergeant John Mitchell from the Economic Crime Unit of the Isle of Man Constabulary was joined by Colin Tansley, Managing Director of Intelect Solutions, a firm which provides consultancy on cyber security and other issues.
Mr Tansley began by highlighting that the typical financial firm held a lot of data, and so was very likely to be a target for cyber criminals. Across all business sectors, the average financial loss from a data breach is £211,000.
He also mentioned some common misconceptions, such as:
- I would know immediately if my firm had been hacked
- Cyber security is looked after by my IT provider, so I don’t need to worry
- Anti-virus software provides protection against hacking attacks
28% of data breaches in 2020 were against small businesses, so he urged firms to adopt the approach of “it’s going to happen to me” rather than “it’s not going to happen to me”. He asked attendees to consider what the impact of having their identity stolen would be.
Mr Tansley also drew his audience’s attention to a recent rise in the number of cyberattacks via SMS messaging. Nevertheless, he still spent a significant period of time talking about the threat from phishing emails, and highlighted several possible warning signs in an email:
- The email stresses a sense of urgency, saying you must take action immediately
- The message contains an attachment
- The message asks you to click on an external link
- The sender’s email address appears to show someone else’s name and/or a different firm from the one the sender claims to represent
- The message contains spelling and grammar issues
- If the matter really was that important, the sender would also make contact via means other than email
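The first four warning signs can be checked mechanically before a message reaches a member of staff. The following Python sketch is an added example, not material from the webinar; the `claimed_domain` parameter (the domain of the firm the sender claims to represent), the label names and the sample message are all assumptions constructed for illustration. Spelling and grammar, and whether the sender also made contact by other means, are left to human judgement.

```python
import re
from email import message_from_string
from email.utils import parseaddr

URGENCY = re.compile(r"\b(urgent|immediately|act now|final notice)\b", re.I)
LINK_HOST = re.compile(r"https?://([^\s/\\?#<>\"']+)", re.I)  # captures the authority part

# Constructed sample; every name, address and URL is made up.
SAMPLE = '''From: "Acme Bank Support" <billing@acme-bank-secure.example>
Subject: Urgent: verify your account immediately
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Take action immediately: http://login.acme-bank-secure.example/verify
--b1
Content-Disposition: attachment; filename="invoice.zip"

UEsDBA==
--b1--
'''

def _under(host, domain):
    """True if host is the domain itself or a subdomain of it (no loose substring match)."""
    host = host.lower().rstrip(".")
    return host == domain.lower() or host.endswith("." + domain.lower())

def warning_signs(raw, claimed_domain):
    """Return labels for the warning signs found in a raw RFC 5322 message."""
    msg, body, signs, attached = message_from_string(raw), "", [], False
    for part in msg.walk():
        if part.get_content_disposition() == "attachment" or part.get_filename():
            attached = True
        elif part.get_content_type() in ("text/plain", "text/html"):
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        signs.append("urgency")
    if attached:
        signs.append("attachment")
    # Drop any userinfo ("user@") and port so only the real host is compared.
    hosts = [a.rpartition("@")[2].split(":")[0] for a in LINK_HOST.findall(body)]
    if any(not _under(h, claimed_domain) for h in hosts):
        signs.append("external_link")
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not _under(sender_domain, claimed_domain):
        signs.append("sender_mismatch")
    return signs
```

Comparing on the full domain suffix rather than looking for the firm's name anywhere in the address means lookalike hosts such as `acmebank.example.evil.test` are still flagged.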
He also urged computer users to install all available cyber security software updates immediately.
Then, he stressed the importance of staff education, urging management to send staff on cyber security training courses.
Finally, he urged all firms to conduct a cyber security risk assessment, with the assistance of an external firm that specialises in this if necessary.
DS Mitchell began his presentation by commenting on bank fraud cases, where individuals are persuaded to withdraw or transfer a significant sum from their account, or sometimes to take out a loan. The example he gave was of a ‘romance fraud’, where someone might be induced to send funds to someone they believe is an online admirer from overseas. He mentioned the ‘suckers list’, where criminals share details of people who have fallen for scams, which leads to some people falling victim to bank fraud on a number of occasions.