How to protect your business against the most common threats

At Ebury we’re always looking for tips on how to keep your business and your money safe. 

APP fraud and data theft are recurring fraud trends to look out for and protect your business against. We’d like to share some insight and tips on how to protect yourself against this threat.

Authorised Push Payment Fraud

It is widely recognised that APP fraud is now the fraud of choice globally, as well as at Ebury, this is unsurprisingly also the most common fraud typology. Below is a reminder of the red flags to watch out for:

• An existing supplier unexpectedly changes their payment details just before an invoice is due:
  – Especially if the new bank account is located in a different country to the supplier
  – Especially if the new bank account is held in a different name or is a personal account
  – Especially if the supplier gives a strange reason why the bank details are changing, such as “our usual bank account is under audit”
• An existing supplier expresses undue urgency to send a payment or you notice spelling mistakes or a change of tone in their emails
• An existing supplier starts emailing you from a different email address, or one that is slightly different (i.e. @supplier.com vs @suppplier.com)
• A new supplier has a recently created website, which may be poorly maintained or under construction, or has very little web presence at all when searched online
• A new supplier has negative media when searched online, such as ‘scam’ reviews

Data Theft

Criminals are always looking for lucrative methods to steal from businesses, such as the theft and sale of company data.

Very few companies can be considered to be safe from this threat – it’s not surprising that the latest estimates put the cost of data theft at £190 million each year.

The risk of data loss can be caused by carelessness, negligence or malicious attack, especially with so many IT departments hastily enabling staff to work from home. Cyber breaches can be hugely expensive; as well as the cost, it can lead to a serious impact on reputation and a loss of client trust, as well as, of course, the loss of IP, personal data and fraud.

How can organisations protect against this threat?

• Data access policies should be integrated into onboarding, security awareness and offboarding processes. Limits to data access should also be set so staff can only access data that is necessary for their role;
• Training should be provided to promote the awareness of insider recruitment methods, such as contact via LinkedIn or social media;
• Vetting processes should be used to counter the risks posed by “organised placing” of applicants to act as malicious insiders;
• Anonymous reporting channels should be established for staff to report incidents of suspicious behaviour;
• Offboarding processes should include returning equipment, deprovisioning access and analysis of previous activity where there are concerns; 
• Privacy by design should be implemented so that Data Protection Impact Assessments (DPIA) and Privacy Impact Assessments (PIA) become routine activity; and
• Machine learning and analytics can be implemented and configured to spot suspicious activity, such as data transfers, accessing files outside of business hours, or attempts to rename files with something innocuous.

If you notice suspicious activity on your account or if you have been a victim of fraud, please email [email protected]