When we think about online security, we tend to focus on antivirus software, but this is only one part of a robust defence. Businesses are often targeted with scams that focus on people and weaknesses in internal processes, not technology. 

If a scammer can deceive or manipulate just one person in your business, they can potentially bypass your other defences. Even tech-related cyber attacks, like malware and ransomware attacks, often begin with someone falling for a fake email or webpage and clicking on a link.

The National Cyber Security Centre (NCSC) recommends a ‘three pillars’ approach to online security. These pillars are: 

• People
• Processes
• Technology

Having well-trained people, clear processes, and the right technology in place in a business helps provide a strong defence against fraud and scams. 

Most scams work by manipulating people, so the employees in your business will often be its first and strongest line of defence. Train your staff to spot the warning signs and you’ll be stopping most common scams before they can take root in your organisation.  

For example, emails are a large part of day-to-day operations, and fakes are designed to look familiar, making them challenging to spot. Criminals know this and use emails as the most common form of attack. It’s important your business is prepared to tackle this. 

What to do

1. Teach your people the common red flags of malicious emails and phone calls with the help of these free training resources.
2. Make security and scams subjects you talk about openly in your business.
3. Encourage people to double-check and challenge anything that looks suspicious without fear of repercussion, even if it turns out not to be a scam.

Scams often work by putting people under pressure so that they act without thinking – what is known as social engineering. Even with the best training in place, mistakes can happen. That’s why a second crucial line of defence includes having simple processes that everyone follows for making payments and reporting fraud.

Having an established fraud reporting process can help reduce the damage caused by the infiltration of a scam. Time is critical when it comes to scams, so making sure staff aren’t afraid to speak up when mistakes happen will help you respond quickly. 

What to do 

1. Ensure two staff members independently check account and payee details against the ones you hold on file before paying invoices. 
2. Treat all requests for changes to contact information or account details as suspicious – whether they’re from a new supplier or an existing one – until they’re confirmed as legitimate.
3. Confirm these types of requests through a trusted channel, like a phone call, before making any changes.  

While having antivirus software is a crucial part of a strong defence, it’s not the only way technology can help protect your business. 

In the three pillars of defence framework, technology plays a vital role in supporting the people and processes pillars. For example, email scanning and filtering tools are helpful for highlighting suspicious emails. They alert staff, prompting them to take extra care when dealing with these emails. This shows how the technology and people pillars can work together to help protect your business. 

What to do

1. Use strong passwords or a password manager to help protect your accounts from being compromised. 
2. Pay attention to what confirmation of payee tells you when you’re making payments. It will help you see if the name of your payee matches the account details you’ve entered and recommend best actions.

With people, processes and technology working together, you’ll have an excellent security foundation to build on. For more guidance on spotting common scams, training staff, and embedding processes, join one of our free webinars. You can also explore the advice and resources offered by the National Cyber Security Centre.