When we think online security, we tend to focus on antivirus software. But this is only one part of a robust defence. Businesses are often targeted with scams that focus on people, and weaknesses in internal processes, not technology. If a scammer can deceive or manipulate just one person in your business, then they can potentially bypass your other defences. Even tech-related attacks like ransomware often begin with someone falling for a fake email or webpage and clicking on a link.
The National Cyber Security Centre (NCSC) recommends a ‘three pillars’ approach to online security. These pillars are:
- People
- Processes
- Technology
Having well-trained people, clear processes, and the right technology in place in a business helps provide a strong defence from fraud and scams.
People – do your colleagues know what to look out for?
The people in your business will often be its first and strongest line of defence. This is because most scams work by manipulating people. Train your employees to spot the warning-signs and you’ll be stopping most common scams at their root.
For example, emails are a large part of day-to-day operations, and convincing fakes are designed to look familiar, making them challenging to spot. Criminals know this and use emails as the most common form of attack. It’s important your business is prepared to tackle this.
What can I do?
- Teach your people the common red flags of malicious emails and phone calls, with the help of our free training resources
- Make security and scams something you talk about openly in your business
- Encourage people to double check and challenge anything that looks suspicious, without fear of repercussion (even if it turns out not to be a scam).
Processes – do you have the right payment and reporting processes in place?
Scams often work by putting people under pressure, so they act without thinking.
Even with the best training in place, mistakes can happen. That’s why having simple processes that everyone follows for making payments and reporting fraud is crucial as a second line of defence.
What can I do?
- Ensure two staff members independently check account and payee details against the ones you hold on file before making a payment. You can use the ‘dual authorisation’ setting in Bankline to do this
- Treat all requests for changes to contact information or account details (whether they’re from a new supplier or an existing one) as suspicious until they’re confirmed as legitimate. Confirm these types of requests through a trusted channel, like a phone call, before making any changes.
Having an established fraud reporting process can help reduce the damage successful scams may do. The earlier a successful scam is reported, the more likely your bank will be able to recover any lost money. Time is critical when it comes to scams, so making sure staff aren’t afraid to speak up when mistakes happen will help you respond quickly and minimise losses.
Technology – helping to make online security easier
While having antivirus software is a crucial part of a strong defence, it’s not the only way technology can help protect your business.
In the ‘three pillars’ of defence framework, technology also plays a vital role in supporting the people and processes pillars. For example, email scanning and filtering tools are helpful for highlighting suspicious emails coming into staff inboxes. This alerts staff, prompting them to take extra care when dealing with these emails. This shows how the technology and people pillars can work together to help protect your business.
What can I do?
- Use strong passwords or a password manager to help protect your accounts from being compromised. You can read our article on password security for further help
- Embed Bankline security settings into your business. This will help strengthen and streamline your payments process. For help with how Bankline settings work and what they can do to strengthen your security setup, watch our short videos.
- Pay attention to what Confirmation of Payee tells you when you’re making payments. It will help you see if the name of your payee matches the account details you’ve entered and recommend best actions.
