Every business in Hertfordshire will be targeted by online fraudsters and cyber criminals, they have been warned.
But simple steps to prevent attacks were given to dozens of attendees during a virtual breakfast seminar organised by the Police and Crime Commissioner David Lloyd.
Police officers and council staff spoke at the event laid on through the Independent Business Advisory Group (IBAG), which was established by Mr Lloyd to help local firms tackle and discuss key crime issues.
Guests were told that while firms spend thousands of pounds on CCTV cameras and security guards, that cyber security was often overlooked.
Cyber fraud threats including phishing, malware and mandate scams and ways to defeat them were all covered at the virtual meeting last week (Thursday October 8th).
Opening the seminar Mr Lloyd said: “You are a target, you must take the threat seriously and you must take action. The purpose of today’s seminar, is to enable you to do that.
“We have some of the best people in the business online with us here to provide that support.
“Hertfordshire his home to a vibrant business community of over 60,000 businesses, with micro business accounting for more than 90 per cent of that total. Those micro businesses are the most vulnerable to cyber threats as they don’t have the access to IT staffing that large firms possess.
“Many believe that they aren’t at risk, or that it’s too difficult to do anything about it. That simply isn’t the case, the threat is real and there is real practical support available to help you mitigate the threat.”
“It is an astonishing fact that nearly a third of all crime is committed against businesses. We need to hear from businesses about the type of crime that is affecting you, so we can work in partnership to address is. IBAG is the perfect forum in which to address that, membership is open to anyone in the Hertfordshire business community, I urge everyone to get involved.”
Chief Superintendent Richard Liversidge provide an overview of fraud and cyber crime issues in the county.
The scale of the threat shows that last year there were 7,664 reports of fraud and cyber crime in Hertfordshire with £28.3 million in losses against individuals and companies. Of that businesses reported 873 of the crimes with £4.6 million stolen.
“All companies from large multi-nationals to hairdressers are targeted by fraudsters. The largest group of companies targeted, at 49 per cent is Limited Companies, followed by PLCs, charities, sole traders and partnerships.
“No type or size of company is immune from attack. Training and awareness are key. Companies spend thousands of pounds on physical security such as cameras and guards but less so around cyber threats.”
Hertfordshire Police’s Cyber Protect officer Phillipa Phipps, gave practical advice on how to spot and prevent common cyber-attacks.
Phishing is when attackers attempt to trick users into doing 'the wrong thing', and can be conducted via text message, social media, or by phone, but the term 'phishing' is mainly used to describe attacks that arrive by email.
In a typical attack, scammers send fake emails to thousands of people asking for sensitive information (such as bank details), or contain malicious links or attachments containing malware, such as ransomware.
Their motivations vary, from system sabotage and data theft, to financial gain; for example, encrypting your organisation’s data, and holding it to ransom.
Phillipa also spoke about Mandate fraud, and offered advice on how to protect organisations from this very current and damaging threat.
Mandate Fraud is when someone gets you to change a direct debit, standing order or bank transfer mandate, by purporting to be an organisation you make regular payments to, for example a business supplier, customer, subscription or membership organisation.
To protect your organisation from this very current threat, verify all invoices, as well as requests to change bank account details using established contact details you have on file.
Have you spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): email@example.com