The security industry encompasses many companies that protect other people’s personal data, security, property, money and the environment. Reputation is everything in this industry, and being able to demonstrate the discipline and integrity to do the right thing and act professionally at all times is paramount. Both employers and customers expect best practice standards to be upheld continuously, with reliability and resiliency being hallmarks that set companies above their competition.
But how does a security company protect itself? How can you demonstrate to your customers that protections are in place? Jane Waterfall, Business Development, IASME, explains…
Threats to your business
The security industry deals with valuable and often sensitive information and can provide an access point to all kinds of people and businesses throughout the supply chain. This makes it vulnerable to cyber attacks.
According to the Government’s 2021 Cyber Security Breaches Survey, two in five companies reported experiencing cyber security breaches or attacks in the last 12 months. It is reported that one in six companies that suffered a cyber attack last year said they almost went bankrupt. This indicates that even a simple cyber breach can seriously inhibit an organization’s ability to continue operating. Many small businesses pay the ultimate price and never recover.
A cyber breach may involve the theft of your customer’s personal data that criminals can sell or use to launch further attacks. For a security company, protecting personal data is more than just GDPR compliance, as even the smallest security breach can be catastrophic for reputation and destroy trust.
According to the National Crime Agency, fraud is now the most prevalent type of crime in England and Wales and a major and growing problem for business. The 2017 Annual Fraud Indicator estimated fraud losses in the UK at around £190bn each year, with the average organization in the UK expecting fraud-related losses to be between 3-6%, although in some cases up to 10%.
While it is true that good cyber security can mitigate a large volume of online fraud, it is only one tool in a multi-tool approach. Fraud is still very much a people problem, which is why staff awareness, training and monitoring are crucial to countering fraud, as well as having policies and strategies in place to prevent and detect crime. No one can provide a single solution to prevent all commercial fraud, but companies can help themselves by using controls to reduce the risk of fraud and by training staff and raising awareness within the company.
Wire transfer fraud (also known as authorized payment fraud) is a serious form of fraud that uses social engineering. Criminals can intercept business emails and thus be aware of upcoming transactions and the movement of large sums of money. When the time is right, they will contact an organization via phone call or email posing as a customer or bank manager and direct that payments be made to a new, different or ‘more secure’ account. Once the staff member has been duped and the money is transferred to the offender’s account, it is quickly moved elsewhere, making it very difficult to recover the funds.
Another growing threat is that of fraudulent insider trading. Many businesses need to hire additional staff quickly to cope with increasing demands at the busiest times of the year, and scrutiny of new hires may be rushed or skipped. Dishonest people take advantage of these moments of pressure to place themselves within an organization to commit crimes.
How do you protect yourself?
The Cyber Essentials Scheme is an effective government-approved scheme that helps organizations of all sizes protect themselves against the most common cyber attacks on the Internet. The scheme represents a minimum benchmark for cyber security in the UK and indicates to other businesses and their customers that you have taken control of your cyber risk and can be trusted with their information. By becoming certified annually under an evolving government-approved scheme, small steps that are inexpensive and simple can be integrated into an organization’s daily working practices and this will develop a safety-conscious culture.
Cyber Essentials focuses on five technical controls that form key elements in the layers that will help mitigate a phishing attack and other untargeted cyber attacks.
If you outsource your IT to an outside provider, the security risk to your network remains your responsibility. Do you know the cybersecurity status of your IT provider? It is recommended that your IT provider is certified in Cyber Essentials at a minimum. Third-party IT providers can take care of the networks of numerous companies and have administrative privileges for all of their systems. It is vital that you are sure of the security measures your provider has in place to protect you and themselves.
The Counter Fraud Fundamentals (CFF) Scheme was developed by IASME and a team of anti-fraud experts in association with the Open Banking Implementation Entity. The scheme is an ideal way for any company dealing with financial transactions to demonstrate to its customers and supply chain that it takes its responsibility to combat fraud seriously.
The process of working through the CFF self-assessment questions helps an organization identify whether it has adequate anti-fraud measures in place to prevent, detect and respond to fraud. It also provides an opportunity to improve. The questions focus on the company, its employees, responsibilities for reporting fraud, and managing and documenting fraud risk. Anti-fraud measures involve raising awareness, training staff, monitoring staff, and implementing policies and strategies to prevent and detect crime.
IASME helps companies improve their cyber security, counter-fraud and risk management practices through a range of effective and accessible certifications.
Do you want to know more about the IASME Consortium and its range of certifications? Talk to the IFSEC International team on May 17-19 at ExCeL in London – the team will be at booth IF2644!