TRAVEL WEEKLY – AN OVERVIEW OF CYBER SECURITY TODAY – RISKS, MOTIVATION AND PREVENTION
Don Randall (MBE), ICTS Consult and former security advisor to The Bank of England was extremely informative to listen to and was a fountain of knowledge concerning cyber security, the risks, the motivations, the statistics and preventative measure that can be put in place by any business.
No matter the size of your business, big or small, you can be affected by cyber attacks and fraud.
In 2013 the US DEA found that 13% of all crime was cyber.
In 2015 there were 30,000 cyber crimes per day Globally.
During 2013/2014, 230,000 fraud/cyber crimes were reported in the UK and it is estimated that 80% are unreported.
There has been a £60 Billion cost of fraud to the UK economy.
The major risks to business are, terrorism, cyber crime, natural disaster, employee issues, civil unrest and insider threats.
So, now we have discussed quite how prevalent fraud and cyber crime are, let’s put this into perspective and highlight how every business, travel agency and tour operator can put measures in place to protect loss.
Firstly as Don stated, it is imperative to “distinguish between economic cyber enabled and other cyber criminal activity crime.” To clarify, the recent attacks on the NHS system in the UK held no financial benefit to the perpetrators. The organised crime group behind this attack would have put a huge amount of effort into this and there was no financial gain. This was a status and power statement. This is a very different case to personal credit card details being phished and used.
The major motivations for crime, according to Randall, are “need, greed and plus.” Need refers to the people who are poverty stricken and they have no choice – this bracket isn’t generally applicable to cyber crime. However, it can apply to insiders and employees who fraudulently steal from a company.
Greed is one of the largest drivers and it is just what it says on the tin. Pure greed. Many cyber attacks and fraudulent crimes are driven by greed.
The plus refers to irritants – perpetrators who just want to make life difficult and to show they can attack a certain system. The persons in this category are the most difficult to catch and protect against as there is no logical reason for their motivation.
Businesses tend to only truly see external attacks as the major perpetrators. However, you must consider insiders – employees.
There are two essential measures to help prevent employees acting fraudulently – Firstly, enjoy your staff. Respect your staff, make them feel appreciated and part of the team. A happy team will work hard for you and your company.
Secondly, educate your organisation. Randall estimates that over 80% of cyber crime and fraud can be prevented by education.
Some quick tips are:
- Don’t use public wifi with mobile banking. It is stated in most banks terms and conditions of use to warn the customer not to do this but still so many people use public wifi for mobile banking. Mobile banking is fine but it must be used as advised.
- Teach your team about how attacks tend to begin – attachments on emails from unknown people, slight changes in email addresses, demands for information through email etc. Never click on an email you don’t know.
- Speak to one another and communicate as a team – if payments, communication, or the client’s behaviour seem strange, discuss it. Ask your colleague next to you. If information or behaviour seems strange, discuss it before you action the request that has been sent to you via email. It is always better to be cautious and to check. Generally your gut, is right.
- Always keep passwords absolutely private. Don’t even give the password to your most trusted colleague. The password stays with you and you alone.
- When staff leave the company make sure all passwords are changed immediately by the IT team.
The most sensible thing to do in any company is to separate the IT infrastructure from the security and the policing. As Mark Carney, Governor of The Bank of England said, “You don’t mark your own homework”.
In conclusion, cyber crime and fraud are an every day threat for any business. But, any business can put preventative measures in place.
Daniel Landen, Managing Director of Protected Trust Services said, “ PTS will support any travel member or business member with advice on cyber security. It is absolutely imperative to make your personal information and your business completely secure. Technology has allowed business to grow exponentially, it is powerful and always pushing forward – to protect the success we gain from technological advancements we must make sure we all stay educated on cyber security.”
If you would like to discuss this further or for any other questions then please contact PTS on 020 7190 9988 or email – email@example.com