Cybersecurity for your business

During the coronavirus (COVID-19) situation, many businesses have adapted and embraced digital to operate remote teams and trade online to keep moving. This rapid digital adoption makes it even more important to take steps to protect your business and stay digitally safe. With more teams working remotely, there’s a greater dependence on digital technology to stay connected and operate safely. These new working conditions also bring an added challenge in implementing cybersecurity practices, where it’s often not possible to observe or reinforce good practice among staff.

Although the types of scams targeting businesses have not changed during coronavirus, the increased usage of digital platforms and online tools creates more opportunities for fraudsters to carry out a range of cyberattacks. With many individuals and businesses relying more on digital – and some for the first time – it can leave people more vulnerable to fraud. Helping you prevent fraud remains just as important as ever. There are some quick, simple ways to improve your cybersecurity, leaving you feeling more secure in your new, digitally-enabled working environment. 

It’s important to be aware of the types of scams targeting businesses, like spoof phone calls, text messages and emails. During coronavirus, these types of scams are also happening through social media platforms, where fraudsters trick business owners into revealing security credentials.

Be particularly vigilant about fraudulent messages concerning health, financial support or removal of a service. For example, a fraudulent message saying that a business is eligible for a government grant. Here the fraudster is trying to gain confidential information or take an unnecessary payment for an ‘application fee’.

John Heaver, Fraud Lead for Business Banking, explains how fraudsters are trying to take advantage of the coronavirus situation: “Purchase scams are the most common scam type, and we’re seeing fraudsters claiming to sell hand sanitiser, PPE equipment, facemasks or surgical gloves.”

Fraudsters use a range of techniques, like emotion, urgency or current events, to trick you into responding without thinking. Scams often play into real-world concerns – like genuine worries about coronavirus – making them difficult to spot. If you do think you’ve fallen victim to fraud, don’t panic. Read the National Cyber Security Centre’s guide to suspicious messages to learn how to spot scams – and how to report them.

Having a robust payment process is a key way to prevent invoice and impersonation fraud. Impersonation fraud, where fraudsters pretend to be bank staff or a CEO, for example, is one of the highest value scam types reported by business customers. With more people working remotely, fraudsters can take advantage of people not being physically with each other when making payments.

You can help protect your business from this type of fraud by carrying out verbal checks with trusted individuals for every new payee, change of payment details requests and internal payment requests. If you receive a message from an organisation – like your bank – asking you to call them, make sure you call back on a trusted number.

As more businesses embrace digital tools, we’re also seeing more of our customers make use of Online Banking and the Barclays app¹. The app is a quick way to make payments to people and companies in the UK and abroad, with added security features to prevent fraud.

“Our app is an easy way to stay in control of your money from home or your workplace, without needing to visit a branch,” says John. “We’ve added extra check points in our payment journey to give you a moment to make sure each piece of information is correct. For example, if you choose ‘Paying an Invoice’, we’ll show you a message asking you to verbally check the bank details personally with your payee. This will help protect you against fraudsters who’ve intercepted emails and replaced the payment details inside these.” 

Although the risk of fraud can be unnerving for business owners, there’s no reason for cyber security to feel overwhelming. The National Cyber Security Centre (NCSC) has a wealth of information to help small businesses improve their cyber security quickly, easily and at little cost. Here, the NCSC has explains six areas to assess the security of your business and identify areas to address.

COVID-19 has seen many businesses alter their ways of working. They have reacted quickly to imposed constraints by increasing reliance on IT and digital technology to keep the business active.

For the SME community, NCSC has created the COVID-19 SME support package to specifically support businesses who have had to increase their cyber security. The support package consists of the following guidance documents:

• Home working: preparing your organisation and staff
• Video conferencing services: security guidance for organisations
  
• Moving your business from the physical to the digital
  

By working through the guidance, businesses will be able to gain a clearer picture of their current cyber security arrangement and implement security controls where required. This should then give businesses the confidence that their activity and business is secure online.

For SMEs who have moved their delivery of the business online due to the closure of physical premises, answering the below questions should help businesses establish a baseline of their security status to identify areas that may need attention:

1) What technology do you already use?

What IT assets do you own, operate, and manage yourself?  It is difficult to secure technology if you can’t identify who’s responsible. Is it your job exclusively? Your service provider's? Or a joint effort? Clarity is the important thing here.

2) Are you using cloud services?

The NCSC guidance provides you with a relatively lightweight process for assessing the security of cloud-hosted software products.

3) Do you have access to IT support?

As you become more reliant on digital services to do business, you should think about how you would cope if these services became unavailable.

4) What cyber security measures do you have in place?

The NCSC's Small Business Guide can help you to establish a baseline set of security policies for your IT. Cyber Essentials provides a way to demonstrate to others that you have good security in place. 

5) Are there any regulations you need to follow?

If your business is now processing Personally Identifiable Information (PII) online, you will need to read up on GDPR. If you are processing card payment information, the Payment Card Industry Data Security Standard will apply.

6) Do you need to review your insurance policies?

Are any elements of your insurance policies affected by your change in circumstances, such as working from home, running a predominately 'online' business, or by outsourcing key business functionality?

Moving your business from the physical to the digital securely will not only help SMEs grow their businesses confidently and sustainably, but it will also help to uphold their reputation with customers.

To help stay on top of cyber security, the NCSC's small business and sole trader pages are regularly updated with blog posts that frequently point to new and useful advice.

Coronavirus has caused many businesses to change the way they operate, but you may choose to keep some of these changes going forward. As you build continuity plans and resilience for the future, keep cyber security in mind and be sure to communicate best practice with your staff. This will help protect your business not just during coronavirus, but as you recover and move forward.