Cookie Consent by Free Privacy Policy Generator

Cyber-crime advice for businesses - Publications

Service area
Businesses
Service
Business support
Publication detail

Businesses, like consumers, are the targets of cyber-crime and small and medium-sized businesses are often targeted. The Federation of Small Businesses estimates that small businesses lose up to £800m each year to cyber-crime

Follow this advice to help you protect your business.

Common business-related cyber-crime scams that businesses need to ensure their employees are aware of.

Advertising Scams. A business receives an email with an invoice for advertising. The email is similar to those sent by the business’s genuine advertisers and is mistakenly paid, the business believing that it was for a repeat advert. In reality, the email is bogus and has been sent by a criminal gang. Either the money simply disappears or an advert is placed in a magazine that has no circulation and is therefore worthless.

Business Invoice Virus. A business receives an email that appears to come from another legitimate trader, requesting payment dates for ‘invoices’ attached to the email. However, these attachments contain viruses designed to steal personal and financial information if they are opened.

Business Rates Scam. A business receives an email from someone claiming they can appeal their business rate rise and achieve a large reduction. Many of these ‘rate reduction’ firms target businesses when their rates are re-valued and new rates applied (once every five years). Some charge fees of around £500 and may be making claims that cannot be substantiated.

Data Update Scams. Businesses receive official-looking email requests for them to ‘update’ or ‘verify’ company data, often on a website directory. In reality, the business is not required to do anything and responding could lead them to unwittingly agreeing to a monthly registration fee.

Business Phishing Scams. Businesses receive bogus emails, often claiming to have been sent by HMRC or similar, asking them to follow a link on the email to complete tax return information etc. In reality, the link takes the business to a bogus website infected with viruses designed to steal personal and financial information. Many of these viruses may also contain ransomware, designed to lock a business out of their computer system until a ransom is paid.

DDos Attacks. DDoS (or denial of service) attacks happen when a businesses website is maliciously bombarded with requests from infected computers (without the computer owners knowledge), causing Internet traffic problems that slow the website down so much it becomes unusable, disrupting the business’s on-line trade. These attacks are coordinated by hackers or criminal gangs. Often, the criminal will contact the business first and demand money with the threat that an attack will be made if the business does not pay up.

Basic Cyber-crime Advice

These are simple tips that all businesses can follow to protect themselves.

  • Train employees in security principles. Establish basic security practices and policies for employees, such as requiring strong passwords and not opening or downloading attachments in unusual/unexpected emails or following links they may contain. Establish appropriate Internet use guidelines. Establish rules of behaviour describing how to handle and protect customer information and other vital data. Ensure staff can recognise the latest cyber-crime related frauds/scams and know how to deal with them.
  • Passwords and authentication. Require employees to use unique passwords and change passwords every three months. Consider implementing multifactor authentication.
  • Limit employee access to data and information, and limit authority to install software. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.
  • Employ best practices on payment cards. Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.
  • Secure your wifi networks. If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
  • Control physical access to your computers and create user accounts for each employee. Prevent access or use of business computers by unauthorized individuals. Administrative privileges should only be given to trusted IT staff and key personnel.
  • Make backup copies of important business data and information. Regularly backup the data on all computers. Backup data automatically if possible, or at least weekly and store the copies either offsite or in the cloud.
  • Create a mobile device action plan. Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
  • Provide firewall security for your Internet connection. Make sure the operating system’s firewall (or that supplied with your security software) is enabled.
  • Protect information, computers, and networks from cyber-attacks. Use the latest security software, web browser, and operating system and keep these up to date. Install other key software updates as soon as they are available. Carry out regular scans.

More information for businesses

Cyber Aware: This UK Government website and campaign has collected together a wealth of links to websites with information, advice and support for businesses and consumers wishing to protect themselves in cyberspace.

Businesses may wish to consider becoming Cyber Essentials adopters. Cyber Essentials is a new Government-backed and industry supported scheme to guide businesses in protecting themselves against cyber threats. Businesses can seek to attain a Cyber Essential badge or simply to self-assess and apply the controls required.

Get Safe Online: This website is a unique resource providing practical advice on how to protect yourself, your computers and mobiles device and your business against fraud, identity theft, viruses and many other problems encountered on-line. It contains guidance on many other related subjects too – including performing backups and how to avoid theft or loss of your computer, smartphone or tablet. Every conceivable topic is included on the site – including safe online shopping, gaming and dating … so now you really can stay safe with everything you do online.

Action Fraud: is the UK’s national reporting centre for fraud and internet crime where you should report fraud if you have been scammed, defrauded or experienced cyber-crime. The website and hotline provide a central point of contact for information about fraud and financially motivated internet crime. To report a fraud, contact Action Fraud or phone 0300 123 2040.

Contact us

Contact us online

Update cookies preferences