The Analysis Forums


Is the fraudster ahead of you?


It is good to talk: criminals rely on the lack of communication between commercial organisations to win


Laurie Beagle, managing director, Forums International, lauriebeagle@forumsinternational.co.uk


February 2020

When we talk to our forum members about fraud, we always ask: have you had an attack recently? If so, was it successful, or were your internal processes strong enough that they went away empty-handed? It is very understandable that many businesses do not want to admit to being attacked or to publicise that the fraudster was successful. Businesses are aware that making these events public, even if it is only internally, could affect staff morale, and customers can become alienated. Even small frauds can add up to significant sums, and major fraud losses can ruin businesses.

Criminals can exploit human frailties in order to facilitate crime, however. When these attacks do take place (hopefully rarely) then you should always have a debrief. Look into the detail of what happened, who was involved, what actions were taken, and whether your fraud prevention procedures and alerts worked. Then see if there are things that need changing. As your businesses evolve and the markets you trade with change, then fraud prevention processes need to be updated. Please always see this as positive. It is the security of your businesses that matters.

During this debrief, consider whether the improvements are people-related, so training is needed, or whether the fraudster has become more sophisticated and that is the driver for better defences. Also, do not undertake these investigations without involving all the appropriate team members, and please remember there are professionals available too.

Cybersecurity: I find this word evokes one of two reactions. Either eyes roll and glaze over – ‘oh here we go again another chat about IT security’ – or there is a look of fear and dread, in preparation for a load of technobabble. I try to avoid such reactions by taking away the terminology and I always focus on the biggest risk, which is not the technology but the human.

At a recent cybersecurity audit, it was agreed staff would benefit from attending a short cyber-awareness session. During these sessions, held across different departments, it became apparent that there was a lot of ‘shadow IT’. What is shadow IT? Well, this is when departments or individual members of staff make use of software, cloud services, or IT infrastructure without the knowledge of the organisation’s IT department. It became apparent that the use of personal cloud storage and personal e-mail was widespread. From a data-protection perspective this rang alarm bells, as it meant sensitive data was leaking outside the control of the organisation and the passwords most people were using were weak.

The cybersecurity audit results were rather startling. Around 2,000 passwords for accounts on the local network were cracked within just a few hours. Some common passwords in use were ‘<xxx>starter’ (where xxx is the name of the organisation), ‘12345678’, ‘1234qwer’, and ‘password’. The typical password length was eight characters. Short passwords can be cracked by brute force easily using tools that are openly available to criminals and hackers.

This has resulted in some immediate actions to improve and enforce policies on passwords and, where possible, to switch on multi-factor authentication. Following open communications with the staff via the training and awareness exercises, the organisation’s IT department has regained control and dealt with shadow IT issues, which has improved their cybersecurity risk and monitoring for GDPR compliance.

In conclusion, the simplest measure you can make to improve cybersecurity at work is to ensure you keep an open dialogue with your staff, train them regularly and empower them to raise issues or concerns with your IT team.

Sharing experiences and intelligence is the best ammunition you have in your armoury to combat the fraudster. I am a believer that there is no experience somebody has had like yours. We, via our forums, give you the opportunity to understand what fellow members did in response and whether it worked. Similarly, sharing intelligence can safeguard both you and fellow forum members. Fraudsters are very cute, and they go after multiple targets, so if you get the word that they are working in your industry then forewarned can be forearmed. The Fraud Prevention Forum, with our partners Graydon and Cifas, provides the vehicle for intelligence sharing.
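The password weaknesses reported from the audit earlier in this article (organisation-name passwords, digit and keyboard runs, ‘password’, eight-character length) can be screened for at the moment a password is set. The following is an added example, not part of the original article; the organisation name `acme`, the word list and the 12-character minimum are assumptions.

```python
# Added example: screens a candidate password for the weaknesses the audit found.
# The word list, the rows and the 12-character minimum are assumptions, not from the article.
COMMON_WORDS = ("password", "starter", "welcome", "letmein")  # constructed sample list
WALKS = ("0123456789", "qwertyuiop", "asdfghjkl", "zxcvbnm")  # digit and keyboard rows
RUN_LENGTH = 4  # flag any 4 consecutive characters of a row, e.g. "1234" or "qwer"


def _has_run(text):
    """True if text holds RUN_LENGTH consecutive characters of a row, in either direction."""
    for row in WALKS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - RUN_LENGTH + 1):
                if seq[i:i + RUN_LENGTH] in text:
                    return True
    return False


def screen_password(password, org_name, min_length=12):
    """Return the reasons a password should be rejected; an empty list means it passes."""
    lowered = password.lower()
    reasons = []
    if len(password) < min_length:
        reasons.append("too_short")
    if org_name and org_name.lower() in lowered:
        reasons.append("contains_org_name")
    if any(word in lowered for word in COMMON_WORDS):
        reasons.append("common_word")
    if _has_run(lowered):
        reasons.append("keyboard_or_digit_run")
    return reasons


if __name__ == "__main__":
    # Constructed samples modelled on the patterns quoted in the article;
    # "acme" is a hypothetical organisation name.
    for candidate in ("acmestarter", "12345678", "1234qwer", "password",
                      "correct-horse-battery-staple"):
        print(f"{candidate!r}: {screen_password(candidate, 'acme') or 'ok'}")
```

A screen like this complements, and does not replace, the multi-factor authentication the article mentions.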


Written with Darren Hodder, director, LittleGratti

www.CCRMagazine.com

