BMJ September 2023

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

BUSINESS HELPDESK HELP DESK SECURITY ALERT!

Cyber crime is growing, with some 39% of UK businesses identifying an attack or breach in 2022. Alan Tattler of Specialist Risk Insurance Solutions, a BMF Partner, offers advice on protecting your business.

WE HAVE SEEN A SIGNIFICANT increase in the amount and severity of cybercrime affecting businesses in the UK, as every business is now digitally dependent to a greater or lesser extent. Payroll systems, accounting software, stock management systems, CRM platforms, marketing databases, payment card systems, and plain old email are all essential to assist the smooth running of most businesses.

The sheer number of phishing and malicious emails continues to grow, as does the sophistication of the scams contained within them. We are increasingly seeing businesses falling victim to fraudulent emails designed to spread malicious software, such as malware, ransomware, and other viruses which encrypt, corrupt and damage business operating systems.

We are also seeing more social engineering and invoice hijacking scams. For example, an employee may receive an email or telephone contact to obtain information or to encourage them to amend the payment details, often for a legitimate unexpected invoice. Or the scammer may have intercepted an order and, posing as the legitimate supplier, ask for payment to an alternative bank account or alternative method. Malicious emails also have the potential to damage the reputation of a legitimate business whose account has been “spoofed” to provide a veneer of authenticity to the scammer. In the building materials sector, we have seen a significant rise in the amount of spear phishing attacks. Spear phishing is where emails will be spoofed to look

legitimate and appear to originate from the correct domain name. Using this, the threat actors/ hackers can target suppliers, customers and associated businesses by sending them an email, often with attachments that include malicious software or links to other forms of virus or scam.

Legitimate looking Across the construction industry there are recent examples of emails being circulated from what appear to be legitimate sources, encouraging businesses to click hyperlinks to participate in tenders, update their contact details, download catalogues and promotional materials or even just visit websites. Often such attacks do not require the it system of the spoofed business to be compromised, and they are unlikely to know it has happened until they are challenged by the victim.

The risk of spoofing can be mitigated, but businesses must first initiate or update a dmarc policy (domain message,

September 2023 www.buildersmerchantsjournal.net

authentication reporting and conformance). This is an it standard to prevent spammers from using your domain to send emails without your permission. Without this standard, spammers can forge the “from” address, so that their spam message appears to come from a user in your domain and, therefore, could appear legitimate. Should one of your customers fall victim to the scam – even though your system had not been compromised – your business may still suffer reputational damage as a result. Specialist risk insurance solutions works closely with the builders merchants federation to support its members. Cyber insurance, for example, provides much-needed indemnity and access to breach response services, that may be the difference between a business surviving a loss or not. Prevention, however, is undoubtedly better than cure. Whilst it is impossible to ensure your system is 100% secure, there are several areas where you can improve and remove the

low hanging fruit. The team at Specialist Risk Insurance Solutions will provide a complimentary cyber vulnerability report for every BMF member who requires one. Generated by KYND, a pioneering technology that makes complex cyber risks easy to understand and manage for any size of business, this report provides insight into an organisation’s cyber exposure, highlighting any system

vulnerabilities and providing a peer group comparison of the business IT infrastructure. The report also contains recommended actions to fix the issues identified and help limit potential future exposure. BMF members can request a complementary KYND cyber security report or find out more about cyber insurance by emailing cyber@specialistrisk.com

To find out more about the full benefits of membership and how to join the BMF visit www.bmf.org.uk, email: info@ bmf.org.uk or phone us on 02476 854980.

17

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40