The security sector encompasses many businesses that protect other people’s personal safety, property, money and environment. Reputation is everything in this sector and being able to demonstrate the discipline and integrity to do the right thing and act professionally all of the time is paramount. The continual maintenance of best practice standards is expected from employers and customers alike, with trustworthiness and resilience being features that set businesses above their competition.
But how does a security business protect itself? How can it demonstrate to its customers that the protections are in place? Jane Waterfall, Business Development, IASME, explains…
Threats to your business
The security sector deals with valuable and often confidential information and can provide an access point to all kinds of people and businesses across the supply chain. This makes it vulnerable to cyber-attack.
According to the figures from the Government’s 2021 Cyber Security Breaches Survey, two in five businesses reported having cyber security breaches or attacks in the last 12 months. It is reported that one in six firms who suffered a cyber-attack in the past year said they almost went under. This indicates that even a simple cyber breach can seriously inhibit an organisation’s ability to keep operating. Many small businesses pay the ultimate cost and never recover.
A cyber breach can involve the theft of your customers’ personal data, which criminals can sell or use to launch further attacks. For a security company, protecting personal data is more than just complying with GDPR, as even the smallest security breach can be catastrophic for reputation and destroy trust.
According to the National Crime Agency, fraud is now the most prevalent type of crime in England and Wales and a significant and rising problem for businesses. The 2017 Annual Fraud Indicator estimated fraud losses to the UK at around £190 billion every year, with the average organisation in the UK expecting fraud-related losses to account for 3-6%, although in some cases as high as 10%.
While it’s true that good cyber security can mitigate a large volume of online fraud, it is just one tool in a multi-tool approach. Fraud remains very much a people problem, which is why awareness, staff training and monitoring are crucial for counter fraud, as well as having policies and strategies in place to prevent and detect crime. Nobody can provide a single solution to prevent all business fraud, but businesses can help themselves by using controls to reduce the risk of fraud, training staff and increasing awareness within the company.
Bank transfer fraud (also known as Authorised Push Payment fraud) is a serious form of fraud that uses social engineering. Criminals can intercept business emails and are therefore in the know about upcoming transactions and the movement of large sums of money. When the time is right, they will contact an organisation via phone call or email pretending to be a client or a bank manager and instruct payments to be made into a new, different or ‘more secure’ account. Once the member of staff has been tricked and money is transferred into the criminal’s account, it is swiftly moved on elsewhere, making recovery of the funds very difficult.
Another threat that is on the rise is from the fraudulent insider. Many companies need to take on extra staff quickly to cope with increased demands at busy times of year and scrutiny of new employees may be rushed through or disregarded. Dishonest people exploit times of pressure to place themselves within an organisation to carry out crime.
How do you protect yourself?
The Cyber Essentials Scheme is an effective, Government-approved scheme that helps organisations of all sizes protect themselves against the most common cyber-attacks from the internet. The scheme represents a minimum baseline standard for cyber security in the UK and signals to other companies and your customers that you have taken control of your cyber risk and can be trusted with their information. By certifying annually to an evolving Government-approved scheme, small steps that are inexpensive and simple can become embedded into an organisation’s everyday working practices and this will develop a security-conscious culture.
Cyber Essentials focuses on five technical controls that form key elements in the layers that will help mitigate a phishing attack and other untargeted cyber-attacks.
If you outsource your IT to a third-party provider, the security risk to your network remains your responsibility. Do you know the cyber security status of your IT provider? It is recommended that your IT provider is certified to Cyber Essentials as a minimum. Third-party IT providers may look after the networks for numerous businesses and have administrative privileges to all their systems. It is vital that you are reassured of the security measures that your provider has in place to protect you and itself.
The Counter Fraud Fundamentals (CFF) scheme was developed by IASME and a team of counter fraud experts in partnership with the Open Banking Implementation Entity. The scheme is an ideal way for any business dealing with financial transactions to prove to their customers and supply chain that they take their responsibility to combat fraud seriously.
The process of working through the CFF self-assessment questions helps an organisation identify whether it has adequate counter-fraud measures in place to prevent, detect and respond to fraud. It provides an opportunity to improve. The questions are centred around the company, its employees, the responsibilities for reporting fraud, and managing and documenting fraud risk. Counter fraud measures involve awareness, staff training, staff monitoring, and having policies and strategies in place to prevent and detect crime.
IASME helps businesses improve their cyber security, counter fraud and risk management through an effective and accessible range of certifications.
Want to know more about IASME Consortium and its range of certifications? Speak to the team at IFSEC International between 17-19 May at London’s ExCeL – the team will be on stand IF2644!