Last year, Tesco Bank reported that £2.5 million was stolen from 9,000 accounts by cyber criminals. Some customers received text messages from the company in the early hours, warning them of fraudulent activity on their account.
The bank temporarily suspended online payments of 20,000 current account customers. Luckily, no personal data was stolen and all affected accounts were refunded.
Follow these 10 steps to reduce the risk of fraud:
- Be vigilant - conduct due diligence on all business associates and third parties so you know who you're dealing with. Watch out for tell-tale signs (red flags) of suspected fraud - including employee fraud, cybercrime, customer or corporate fraud.
- Act ethically with integrity and honesty - only make honest declarations (about your credentials, qualifications and expenses); avoid giving unauthorised people access to your company's data, systems, or information.
- Only share information on a 'need to know' basis - to prevent identity fraud.
- Make sure you don't become an unwitting accomplice - to unscrupulous employees, customers, suppliers or others in acts of fraud.
- Keep anti-virus software up-to-date - don't disable it and make sure updates are installed as soon as they become available to plug known vulnerabilities.
- Follow your company's information security rules - for example, make regular backups of data, avoid sharing passwords, ignore unsolicited emails or phone calls requesting information (don't be pressured into breaching company rules), encrypt or password-protect data which is sensitive or personal, don't click on links in unsolicited emails, avoid using public WiFi hotspots to link to your firm's network, and don't connect personal devices or download unauthorised apps.
- Co-operate fully and immediately with any guidance provided by IT which is designed to prevent fraud - for example, on using firewalls, updating anti-virus software, avoiding malware, and so on.
- Watch out for possible signs of a DDoS attack - for example, uncharacteristically slow response or network performance when opening or accessing files, unavailable websites or an inability to access your firm's website, or a dramatic increase in the amount of junk mail you receive.
- Report any knowledge, suspicions or concerns about fraud or suspected fraud immediately - inform your manager or IT immediately of anything suspicious or of any errors.
- Don't try to hide your mistakes - the sooner you report them, the quicker your company will be able to limit its losses.