FEATURE


BUSINESS CRIME & PROTECTION


Protection for your professional adviser

AARON YATES, founder and Chief Executive Officer of Berea, offers his advice on ensuring your professional adviser’s stance on cyber security does not pose a threat to your business.

Professional advisers hold confidential or sensitive data on behalf of, or regarding, clients’ businesses. If that information were to be exposed, it could result in brand damage or financial loss.

The recent hacking of Panamanian law firm Mossack Fonseca is a strong example. It exposed the secret tax affairs of many individuals and organisations around the world, an incident that uncovered the Prime Minister of Iceland’s connections to an offshore shell company and subsequently led to his resignation.

Who are these professional advisers, and why do they pose a risk?

Accountants hold information on mergers and acquisitions, staff payroll and sensitive documents on a company’s financial health. This data can be used easily for corporate identity theft or to perpetrate more complex scams.

Solicitors may hold sensitive data on larger financial transactions, such as property purchases. They know intimate details on tenders and on confidential legal proceedings and may also hold information on legal proceedings with employees, customers or other companies, presenting a risk of blackmail.

Insurance brokers know every risk a client business faces. If any weakness in the business became common knowledge, it could be easily exploited.

Marketing agencies know a lot about a client’s business because they have to promote the positives and hide the negatives. The client business is responsible for the personal data that an agency stores on its behalf and if the agency suffers a data breach, the firm is ultimately accountable. They can also have some control over a company’s brand and, thereby, its brand reputation. A business needs to be aware of the potential repercussions of its marketing agency’s integrity.

Security companies, such as those which install alarm and security systems, will often hold on file a detailed schematic layout of a client’s premises and of the systems installed. Discovering this information could make physical access, and bypassing of systems, much simpler.

Why are these trusted relationships a risk?

The simple truth is that technology has become increasingly present in the workplace. But while it has enabled people to work faster, it is also easy to exploit.

Business relationships can be exploited by unauthorised middlemen (con artists and hackers) in what is called a ‘social engineering’ attack.

The most basic of these cyber attacks comes in the form of ‘phishing’, where a legitimate-looking email, appearing to be from a trusted contact, requests that you undertake an activity, such as providing personal or sensitive information or transferring funds.

The more ‘real’ the message appears, the more likely the recipient is to immediately act on it.

Organised crime syndicates have realised that the more specific their messaging, based on in-depth research of their target, the more likely they are to land a good pay day.

What can you do about this risk?

The first part of the solution is to ensure that employees have the knowledge and skills to spot suspicious emails, and the confidence and training, backed up by corporate processes, to handle incidents when they arise.

Managing information security governance within a company’s supply chain solves the second part of this problem.

In plain English, this means making sure the businesses to which you trust sensitive information have their house in order. A few simple steps include:

• Ensuring the professional adviser carries appropriate professional indemnity insurance and has a cyber insurance policy

• Being clear about precisely what information each adviser holds about the business. Ask the adviser to provide appropriate warranties or details on controls taken to minimise the likelihood of unauthorised access to the information or consequential loss as a result of misuse of the information

• Ask the adviser if the business has a Cyber Essentials certificate. This is a sign that it subscribes to at least the minimum recommended actions for securing its business… and yours

• Make your advisers aware that any instructions received from you by email should be queried with you on the telephone prior to being carried out. This will reduce the risk of fraud through fake emails or social engineering attempts.

Undertaking these activities will provide a stronger framework for reducing the risk of fraud and other cyber crimes against your business.

Aaron Yates of Berea

‘Technology has become increasingly present in the workplace but while it has enabled people to work faster, it is also easy to exploit’

38 business network June 2016

