Small businesses and fraud: a toolkit to fight cybercrime

James Turley, Fraud Awareness Analyst at Royal Bank of Scotland, explains why the bank is teaming up with the Global Cyber Alliance.

Our latest initiative sees the bank teaming up with the Global Cyber Alliance (GCA) – the organisation set up in 2015 to fight internet-based fraud on an international basis – to provide our business customers with a new free cyber-security toolkit. This resource gives small firms everything they need to assess the cyber risks they face and to implement best-practice measures designed to safeguard them from computer-based crime. (For more information, see ‘What the toolkit involves’, below.)

Big news stories about cybercrime inevitably involve major corporations or large public sector organisations: look at the recent ransomware attack on the US-based Colonial Pipeline, or the 2017 WannaCry hack on the NHS. But this doesn’t mean that smaller companies are immune: cybercriminals don’t care who their victims are, and many attacks will target as many organisations as possible.

In such circumstances, it will be the businesses with the weakest defences that suffer the most – and this can often include small businesses.

The real threats

For many business owners, cyber-security concerns will take a back seat as they focus on rebuilding their capacities in the wake of the pandemic. But the cyber risks facing small businesses have perhaps never been greater. The pandemic – and the new working practices that many organisations have adopted as a result – have increased the opportunities for online fraud. 

These include: 

  • staff using their own IT at home, not company-provided devices

  • the increase in file-sharing between colleagues 

  • greater reliance on email, meaning hackers can use email to impersonate senior managers or send fake invoices 

According to the latest figures from UK Finance, there was a 30% increase in the amount of money lost to fraud in the first six months of 2021 compared with the same period in 2020. In total, £753.9m was stolen – although the organisation says that the advanced security systems employed by Britain’s banks, including the Royal Bank of Scotland, prevented the loss of a further £736m.

Acting too late

Too often, small businesses do not address cyber-security risks until they have been targeted by criminals or have actually lost money as a result of an attack. But a small investment of time implementing some preventative measures can reap huge dividends.

At the same time, it’s worth bearing in mind that, while many multinationals may be able to absorb the costs of cyberattacks, such hacks can be potentially devastating for smaller businesses. The non-financial implications should also be taken into account: hacks can often compromise client data, leading to customers also being targeted. As well as the possibility for prosecution under GDPR data-protection legislation, this can lead to severe reputation or brand damage for the organisation in question.

The partnership between Royal Bank and the GCA is a great example of the importance of collaboration when it comes to fighting online fraud. Cybercrime is a sophisticated, cross-border phenomenon – and it is vital for banks, regulators, industry and the law-enforcement community to work together to minimise its harm. That’s why we encourage our business customers to promote our cyber toolkits to their suppliers, clients and anyone else they deal with. The more that companies are able to mitigate cyber risks, the better off we all are – as a society and as an economy.

As well as the GCA toolkit, the bank’s cyber-security support includes free online seminars and guides for all businesses. For more information, visit rbs.co.uk/business/security

What the GCA says

The Global Cyber Alliance was founded in 2015 as a collaboration between the City of London Police, the US-based Center for Internet Security and the Manhattan District Attorney’s office, explains Gill Thomas, the GCA’s Director of Engagement.

“Back then, cybercrime was overtaking traditional crime as the most financially rewarding option for fraudsters,” she says. “So we came together to look at the systemic causes of cyber risk and then put in place mitigations and actions to prevent those things happening.”

Gill adds that it is important that the resources created by the GCA are freely available to everyone – as is the case with the cyber-security toolkit that the organisation is providing to the bank’s business customers.

“With the volume of cyber attacks increasing during the pandemic, it has never been more vital for businesses to take the steps needed to protect themselves. We estimate that basic cyber hygiene can reduce the risk of being attacked by as much as 85%.”

What the toolkit involves:

1. The GCA toolkit initially prompts businesses to assess the risks they face by taking an inventory of all hardware, software and sensitive data. This involves checking that operating systems are still up to date and being supported, for example. “Then you can move on to making sure everything you use is set up to automatically update with patches,” says Gill. “Our toolkit sends you to the relevant manufacturer website so you can update devices, operating systems and so on.”

2. The next step is to look at the passwords used throughout the businesses to check they are sufficiently strong, with advice on using extra authentication processes. Businesses can then look at the antivirus solutions and firewalls they have in place to ensure they are adequate to protect against malware and phishing attacks. “Another important element is having backups of important data which are updated regularly and stored offline,” says Gill. “This can protect you in the event of a ransomware attack but also if there is a natural disaster, say.”

3. A further part of the toolkit is advice on email security, which can help stop fraudsters spoofing the business’s email addresses. “It can be hard for small businesses to realise what is and isn’t important in terms of cyber security,” says Gill. “So we have identified these top-priority controls and allowed them to implement them for free. After that, they can decide whether or not they want to go further with additional measures.”

This material is published by NatWest Group plc (“NatWest Group”), for information purposes only and should not be regarded as providing any specific advice. Recipients should make their own independent evaluation of this information and no action should be taken, solely relying on it. This material should not be reproduced or disclosed without our consent. It is not intended for distribution in any jurisdiction in which this would be prohibited. Whilst this information is believed to be reliable, it has not been independently verified by NatWest Group and NatWest Group makes no representation or warranty (express or implied) of any kind, as regards the accuracy or completeness of this information, nor does it accept any responsibility or liability for any loss or damage arising in any way from any use made of or reliance placed on, this information. Unless otherwise stated, any views, forecasts, or estimates are solely those of NatWest Group, as of this date and are subject to change without notice. Copyright © NatWest Group. All rights reserved.

scroll to top