4th July 2016

Social engineering is the art of manipulating people. The overall aim is to obtain the release of confidential information. The types of information sought can vary. When individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information, or access to your computer for the installation of malicious software, which gives them access to your passwords and bank information as well as control over your entire computer. Businesses, by being connected to the internet, are a prime target for cyber crime because threats can come from online sources in various forms which appear innocent on the surface but which are malicious.

What is the Impact of Cyber Crime on Business?

Cyber crime involves a breach of the business’ online security, which could lead to the breach of business software and the theft of the financial information of the business or its customers. The problem with cyber crime is that, if the business were to remain unaware of the breach of its sensitive information, cyber criminals could continue to drip-feed information which was submitted to such software systems. If a business were to become a victim of cyber crime, the most pressing concern would be the breach of sensitive information and a resulting financial loss to the victim. There would almost certainly be some aspect of liability arising for the firm as a result of the cyber crime, but an aspect of liability may also arise through loss of reputation.

Types of Cyber Crime

There are several main variations of cyber crime currently utilised by cyber criminals.

Phishing

Phishing involves the perpetrator sending supposedly legitimate emails from companies asking the victim to reveal sensitive information, such as passwords and credit card details, online. The victim is ‘lured’ into taking the bait of revealing information to a false website which attempts to replicate a banking website, and as such caught in a creel of financial trouble.

Pharming

Pharming is the practice of ‘herding’ computer users from legitimate websites to fraudulent ones in order to obtain access to confidential data.

Vishing

Vishing is a practice used by fraudulent businesses in order to convince individuals to surrender private information over the telephone. The victim is usually assured of some form of profit in return for the information they provide, but often all they ‘vish’ is that they had not answered the phone.

Advice for Business

Businesses primarily should accept that the risk of becoming a victim of cyber crime does exist, and this awareness of the threat of cyber crime should itself help firms to tackle the problem. Businesses can take a number of small steps in order to reduce the implications of such criminal activity.

Firstly, a basic level of understanding of cyber crime can assist in a firm’s ability to tackle such a problem. For example, knowing that phishing is a form of cyber crime which attacks businesses through emails can allow SMEs to train staff on how to recognise potentially fraudulent emails. The most sensible form of advice is being aware of the threat and having a strategy which directly targets each threat of cyber crime in order to reduce the risk of such crime overall.

In the case of vishing, if your SME were to become a victim of telephone calls seeking disclosure of private financial information, a good practice would be to identify the caller and try to ascertain if they are a legitimate business. Simply asking them who you are speaking to and conducting a quick Google search may be enough to inform you that you are about to be the victim of a crime.

Similar attacks may also arise from ‘CEO’ email attacks, where the hacker targets employees who are subordinate to a senior figure, i.e. a CEO. For instance, the employee may receive a direct order from the supposed CEO asking that employee to provide account details or transfer funds to a certain account. Good practice in this instance would be to hover your mouse over the email address, which may unveil a different email address than you may expect. This would allow your employees to weed out harmful emails.
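The hover check described above can also be applied automatically to received mail. The following Python code is an added example, not part of the original article; the company domain, the executive name and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the firm's own mail domain and the names of
# senior staff whose identity is most likely to be borrowed.
COMPANY_DOMAIN = "example-firm.test"
EXECUTIVES = {"jane smith"}

def sender_warnings(raw_message, company_domain=COMPANY_DOMAIN,
                    executives=EXECUTIVES):
    """Return the reasons, if any, why the sender should not be trusted."""
    msg = message_from_string(raw_message)
    # Split the header into the name shown to the reader and the real address.
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    warnings = []

    # The name is a senior figure, but the address is outside the business.
    if display.strip().lower() in executives and domain != company_domain:
        warnings.append(
            f"'{display}' is a senior figure but the address is {address}")

    # Replies would be sent somewhere other than the apparent sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != domain:
        warnings.append(f"replies go to {reply_addr}, not to {domain}")

    return warnings

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Jane Smith <jane.smith.ceo@mail-example.test>\n"
    "Reply-To: accounts@payments-example.test\n"
    "To: finance@example-firm.test\n"
    "Subject: Urgent transfer\n\n"
    "Please transfer the funds today.\n"
)
GENUINE = (
    "From: Jane Smith <jane.smith@example-firm.test>\n"
    "To: finance@example-firm.test\n"
    "Subject: Board papers\n\n"
    "Papers attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, sender_warnings(raw))
```

A message with no warnings is not proof that it is genuine, so payment requests should still be confirmed through a separate channel.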

A final piece of specific advice would be to utilise Apple Pay or similar services which allow payments to be made without disclosing bank details to the vendor or potential third parties. Apple Pay limits this third-party disclosure by attaching a transaction code to the payment, rather than all bank details, thereby limiting the opportunity for bank details to be intercepted.

An overarching method of preventing cybercrime would be to have a business policy in place. This would enable a collective approach to be taken towards tackling cybercrime within a business, where awareness is distributed amongst the organisation as a whole.

Cybercrime is not merely a topic which partners or senior members should be tackling; given that attacks may happen within any level of the business, policy must also be distributed accordingly. Cybercrime is an offence which preys on the vulnerable and unprepared, therefore a preventative approach is recommended.

For more information call us on 01463 221727, or visit our website and fill out our form submission.