Cyberfraud is sector agnostic. Any business in any industry is just as vulnerable, if not more, to data leaks and fraud, which is why curbing tech naivety should be high on the agenda for growing businesses
There has been a lot of talk about data breaches and cyberfraud in recent months.
Considering how both of these issues can be debilitating for growing businesses, it is crucial to understand the difference between the two, their relationship to one another and the warning signs of each.
What’s a data breach and why should I care?
A data breach is essentially when sensitive, protected or confidential information has been viewed, stolen or used by someone unauthorised to do so. Data breaches can be as broad as all of your employees’ email addresses, or specific and more sensitive, such as personal health information or intellectual property.
A timeline of famous incidents of data breach
The average cybersecurity breach in the UK costs upwards of £1.4 million, and according to new research, 52 per cent of data breaches last year were due to human error, mostly from a lack of awareness.
According to CompTIA, a global non-profit association for the technology industry, cybersecurity awareness is a vital first step for businesses across sectors to protect themselves against data breaches.
“Every business that uses IT needs to be aware of the consequences of bad cybersecurity practice,” according to Graham Hunter, CompTIA’s VP certifications, Europe and Middle East.
“Time and time again, we hear of employees causing data breaches, whether that be through leaving a USB device with important data lying around, or clicking on unsolicited links in emails. Such actions are rarely malicious and more often the result of a lack of training, knowledge or general carelessness.”
In order to drum up awareness among the SME community, CompTIA has launched a training programme, CyberSecure, which will include all the fundamentals of cybersecurity in the workplace.
“It’s clear that cybersecurity is no longer exclusively the domain of the IT security department,” Hunter adds. “The responsibility lies upon all employees to be secure with their devices, and this only increases as more employees work remotely and on the move.”
What about cyberfraud?
Overall, fraud could be costing the UK economy up to £193 billion a year, according to this year’s Experian Annual Fraud Indicator. Phishing attacks rose by more than a fifth (21%) last year and were estimated to cost Britain more than £280 million, affecting the procurement and insurance industries the most.
In terms of legal support, Patrick Arben, a partner at Gowling WLG, explains that the onus to prevent cyberfraud may lie entirely on businesses. “Where tackling cybercrime is concerned, it is important that business owners remember that the role of the police and other national crime agencies is not focused on detection, rather raising awareness of the risks and the need to self-protect against any attacks. Business owners should, therefore, be as pro-active as possible in backing up valuable data and realising how to spot suspicious communications requesting confidential information,” he explains.
According to Experian’s ID and fraud expert, Nick Mothershaw, businesses have a lot to gain by taking accountability for their IT security. “Resilience to fraud can only be tackled from the grass-roots up, so it’s up to each organisation to not only manage fraud as a loss factor, but to overcome it by treating fraud prevention as a growth opportunity,” he says.
The two-for-one combo
Data breaches and cyberfraud are essentially two sides of the same coin, so a two-pronged approach towards both may be in order to prevent attacks of any kind. Both tend to be financially motivated, and that could have an immediate impact on your business. Attackers may attempt to use stolen data to carry out fraud in a two-part crime.
“Fraud costs merchants money in a number of different ways. Lost goods and lost revenue through chargebacks both hit merchants in the pocket. There is also the possibility that merchants will become too risk averse and tighten up their rules to the extent that legitimate transactions are declined because merchants do not have the protocols, expertise, and systems in place to differentiate between fake and genuine consumers,” Don Bush,VP at fraud solution firm, Kount explains.
Unfortunately, businesses will always have to stay vigilant against data breaches and fraud. However, basic understanding of the two, how they’re different, how they relate and how to watch for them is good place to start.