Since the very first lockdown on March 26th, 2020, online fraud, identity theft, and cyber-attacks have increased.
The five things every person, company, and organisation should know include:
- What – A cyber-attacker steals personal & financial data by gaining access via compromised accounts or using social engineering or phishing techniques.
- Why – Cybercriminals can either use the information for direct financial gain, such as buying things with your bank cards or in your name (identity fraud), making false purchases, or creating false reviews. They can sell your data to other companies for marketing purposes or lure you into a ransomware attack.
- Who – It doesn’t matter if you’re a business owner or an employee; protecting against ID fraud and cyber attackers is a team effort. Businesses need to make sure their products are secure, and their workforce is well educated. Employees need to ensure they are following best practices to keep their accounts secure.
- Where – Businesses and employees need to make sure they are protected no matter where the user is located or what device or operating system they are on.
- When – Your devices need to be secure all the time. Security needs to be monitored continually, and your security policies should be updated regularly, for example, every twelve months or after each product update. When cybercrime is on the rise, as is the case today, you should review your security every six months or more often.
How to find out whether you have been a victim of identity theft or fraud
- Receiving a message from a company using fraud detection software
- Money is gone from your account, which can be a small test charge ahead of a more significant amount
- You have been signed out of your account, indicating activity that isn’t yours
- You do not recognise payments from your account
- You are not receiving mail indicating your billing address has been changed to prevent you from seeing your bank or credit card statements
- You are turned down for a loan or credit card, offered higher interest rates, or have a poor credit rating due to the amount of credit in your name
- You are receiving or being billed for items you have not purchased
- Your tax return is rejected
You can check your compromised passwords here: https://haveibeenpwned.com/
How to stop ID theft & fraud to protect your business
You can achieve the best identity theft protection and protect your business from cybercrime by:
- Penetration testing – Penetration testing should be carried out by a certified Cyber Essentials and CREST penetration testing cybersecurity company. Pen testing mimics the attacks and techniques used by criminals and hackers to identify vulnerabilities in your network and applications. You should have a pen test annually or more often, depending on the risks associated with your business or industry. You can contact OmniCyber Security to discuss penetration testing on 01778 360 2018.
- Training – Educate your customers with regular email campaigns and educate staff with seminars and meetings. Education should cover security topics such as password security, social engineering, Phishing, not sharing passwords, using password managers, biometrics, and 2fa (two-factor authentication). Customers and staff should always check URLs in links to ensure they are the same as the company they claim to be and call the company to enquire if any doubts exist. You can also limit your exposure by having fewer cards and accounts.
- Tools – Use fraud prevention tools.
You should also look into BC/DR & PR services, they won’t be able to prevent an attack they will help to ensure that there are steps in place to ensure your company can continue to function and limit the damage if the worst should happen. This will cover all types of disasters, not just breaches and cyber-attacks.
What to do if it happens
If you are a business owner, and you have a BC/DR plan, ensure that you are following all the steps and alert the authorities.
- Contain the breach
- Assess the damage
- Identify the attacker/contact the authorities
- Manage the fallout
- Contact businesses such as insurers, etc.
- Contact any clients, customers or employee that have been/will be affected
- Take steps to prevent a future attack
- Change your passwords
- Contact the company to request a refund or your bank to instigate a chargeback
- Cancel the card
- Report it to authorities
- Contact creditors
- Transfer any funds out of that account
- Contact the company responsible for leaking your data to ensure changes have been made to prevent future breaches
- Find out if you are owed any compensation