Business Leaders Visit Durham For NEBRC Cyber Event With Waterstons: Event Takeaways

Issue 97

How can North East business leaders better protect their organisations against cyber threats?

To mark Cybersecurity Awareness Month at the latter end of 2023, SME business leaders from across the North East gathered to take part in a morning of learning. Hosted by Waterstons at Liddon Court in Durham in partnership with the North East Business Resilience Centre, attendees listened to insightful and inspiring talks from industry leaders, increasing their understanding of the world of cybercrime, fraud threat risks, and the steps which can be taken to protect themselves and their businesses.

Every year, businesses lose millions of pounds to fraudsters. Criminals are becoming ever more sophisticated and can spend hours researching you and your business to perform a credible scam. 

After arrival, networking and breakfast, Andrew Swan, solicitor at Andrew Swan Law, spoke, sharing his extensive experience in defending small businesses that have been subjected to Information Commissioner’s Office (ICO) investigations after a data breach or breach of data protection regulations.

The ICO is an independent body which upholds information rights in the UK. The Commissioner, John Edwards, works within a team of professionals, including data protection police who have powers under GDPR and DPA regulations. They help to ensure the protection of data from theft, loss and destruction. In addition, they work to ensure data isn’t mistreated or unlawfully obtained, and that it is protected against direct marketing failures.

The ICO typically approaches investigations through a letter of investigation, which gives a brief explanation of suspicions and sets out the ICO’s powers. They will ask probing questions and, as a case can be won or lost at this stage, organisations should take it very seriously. Investigations may also involve the execution of a search warrant for criminal offences, though this is uncommon.

Upon making a decision, the ICO may send an NFA (no further action), a warning or a reprimand. They may in certain cases send a financial penalty notice or an enforcement notice. You will also have a right of appeal. Fines for breaches of PECR can be as much as £500,000, and GDPR breaches up to £17.5 million! These actions can cause not only huge financial damage but reputational damage too, so being clued up on your responsibilities as an organisation is essential. Andrew advised taking data issues seriously and getting expert advice from the outset to avoid any problems.

Next up was Sergeant Brian Collins of the North East Regional Economic Crime Unit, a team consisting of fraud investigators who go after serious and organised criminality in the region. Sergeant Collins gave updates on the latest fraud trends and crimes and insight into a fraudster’s mindset. 

Since the start of 2023 there have been 6,809 frauds reported across the North East to Action Fraud. These total a loss of just under £29 million (£28,612,373), with victims suffering a loss in 63% of cases.

The number one type of fraud (by loss) is ‘other financial investment’, which covers things like crypto scams, online investment scams and the recent Martin Lewis deepfake scam. It basically covers anything other than boiler room fraud, Ponzi schemes and pension liberations. This fraud type is responsible for just under £4 million worth of loss this year in the region.

In terms of the volume or number of reports which involved a loss, ‘online shopping and auctions’ was the number one culprit. We saw 1,800 reports which had a loss value of just under £840,000. Over half of these online shopping reports are linked to Facebook Marketplace, which is a continued problem and something which we saw with the most recent Wilko scams trend.

Lastly, David Dove, Executive Information Security Consultant for Waterstons, took to the stage, giving a cyber threat briefing and an overview of quick wins that small organisations can adopt. His five top tips for businesses included establishing your business’s cyber strategy and vision for the future, building a security culture in the workplace, and getting the basics right, for example by following Cyber Essentials and similar frameworks that are there to support businesses in their cyber journeys.

David also stressed the importance of creating plans to respond to and recover from an incident effectively, alongside establishing strong partnerships with stakeholders and cyber teams.

In the last year, one in three UK businesses suffered some form of online crime. Fraudsters target sole traders and micro businesses as well as charities and larger businesses, so these types of events and learnings are essential to stay ahead of the criminals who might target businesses. North East and Yorkshire based businesses can sign up to the NEBRC free core membership which provides advice and frameworks to better protect organisations against cyber threats. 

Sign up: NEBRC free core membership
