FRC reform: more red tape or improving professional standards?
In July’s King’s Speech, we learnt long-awaited audit regulator reforms are back on the table, with the new Labour...
READ MORE
Recent research by LexisNexis Risk Solutions reveals increases in two broad categories of cybercrime that pose significant risks to accountants and small businesses.
Human-initiated and bot attacks have significantly increased.
Identity theft and invoice fraud are key areas of vulnerability for accountancy firms and their small business clients.
Robust security protocols, regularly updated, are the best way to reduce cybercrime risk.
Human-initiated cybercrimes in the United Kingdom increased 92% in 2022 while bot attacks increased 81%.
The first category includes investment and romance scams, while the second captures large-scale automated cyber-attacks with increasingly sophisticated cybercriminals employing automated scripts and algorithms to steal valuable data for financial gain.
“Fraudsters are getting smarter,” says Rob Woods, UK-based Director of International Market Planning and Financial Services at LexisNexis Risk Solutions. “Education and awareness are essential – we’re not as vigilant as we should be.”
According to The National Crime Agency the UK has seen marked growth in high-profile ransomware campaigns that involve hijacking files and holding them to ransom. The instigators are mainly Russian-language criminals operating ransomware as a service, it says.
But it also warns that tactics are shifting, with targets more likely to be businesses than individuals. 'Off the shelf' tools are now allowing less technically proficient criminals to commit cyber-crime, while evolving malware as well as hacking, phishing and malicious software is also on the rise.
As cybercrime evolves, new fraud types are emerging.
The Cyber Security Government Strategy (2022 to 2030) also acknowledges the growing risk within supply chain attacks that are usually linked to vendors with poor security practices.
Not only do small businesses need to prioritise supply chain security but they should ensure all third-party partners, including data storage providers, adhere to robust cybersecurity practices.
The weakest link is most likely to be the target of cybercriminals, says Woods. The adoption of more secure channels such as mobile and app-based online banking solutions as well as hi-tech, anti-fraud solutions has shored up defences for banks and credit card companies.
According to LexisNexis Risk Solutions, this tactic prevented £1.2 billion of unauthorised fraud in 2022.
Yet while banks may be highly regulated, and provide mandatory training for staff, this may not be the case across other businesses that handle financial data, says Woods.
“Fraudsters are looking to get the maximum return for the least effort,” he says.
Cloud data storage without protection is an obvious but common area of vulnerability – it can lead to synthetic identity fraud and other scams.
“Some people even make it super easy for criminals by putting all the data in a spreadsheet,” Woods says.
To keep clients safe, and to help them protect their own records, provide training to help your staff and clients encrypt data before it is stored within a potentially accessible domain.
Encryption alters data so that it is no longer readable by a human – it needs to be decrypted with an authorisation key first.
Cybercrime currently costs the UK £27 billion a year. To avoid falling victim to cyber threats, Woods advises accountancy and small business firms to:
Invest in and install robust online security measures: “Seek advice from an expert, engage the right people and allocate the necessary resources.”
Conduct regular audits of information and security: “Keep looking at your eco system to see whether it has been breached.”
Prioritise customers’ trust by safeguarding their personal and financial details: “Consult cybersecurity experts and avoid taking shortcuts when it comes to data protection.”
For more advice, visit Cyber Aware or the National Cyber Security Centre.