Almost 90% of Irish businesses have suffered some form of financial loss and commercial disruption as a result of a cyberattack in the past five years, writes John Cradden.
It often takes the experience of a real cyberattack to wake you up to the devastating impact it can have on your business. Even if you’ve gotten away lightly to date, the potential for financial loss, reputational damage and operational disruptions is certainly better understood.
Almost 90% of Irish businesses have suffered some form of financial loss and commercial disruption as a result of a cyberattack in the past five years, according to a recent poll by insurance broker and risk management firm Gallagher Ireland.
As well as this, SMEs lost €17m through email scams alone over the last two years, according to FraudSMART, the fraud awareness initiative led by the Banking & Payments Federation (BPFI).
In the line of fire from fraudsters
SMEs are very much in the firing line because of their lack of resources and cybersecurity readiness. The FraudSMART survey revealed some 68% of SMEs have been targeted by a scam in the past year alone, but 31% said they did not have specific fraud awareness guidelines as well as training programmes in place for employees.
The BPFI has launched a new fraud awareness campaign for SMEs in partnership with ISME, fronted by business owner and former rugby international Tommy Bowe.
“We are particularly vulnerable because we often have fewer resources and lower financial buffers to withstand losses, so I am urging business owners to stop and think about the processes that they have in place,” said Bowe.
Bank of Ireland has also launched resources to arm businesses with knowledge to fight cybercrime. This includes its Fraud Watch: True Crime Stories series which zones in on different types of fraud to help you recognise the signs that something is not what it seems.
Email-based fraud remains the predominant way that businesses are targeted, according to the BPFI, with nearly 90% of the two-thirds of businesses affected by scams being targeted by email.
To ensure your business continues to stay one step ahead of fraudsters and hackers, here’s what you should be reviewing.
Fraud awareness and training
There’s a clear link between the amount of fraud awareness training employees get and their sense of responsibility for protecting their employer and colleagues against scams.
A recent poll of 1,000 office workers in Ireland commissioned by tech firms IT.ie and Sonicwall revealed that just over half of them felt more vulnerable to cyberattacks than a year ago, and that of the 43% of respondents who felt at risk of causing a breach, 60% attributed it to incomplete or non-existent cyber security training.
The survey authors also said that substandard or infrequent training likely explained why 26% of workers said they did not believe cybersecurity was their personal responsibility.
It’s generally recommended that employees should get training at least once a month as part of a multi-layered approach that includes tech solutions like firewalls and VPNs.
Policies and procedures
Whether it’s to do with email scams, phone scams, malware, ransomware, card fraud, cheque fraud etc., make sure your security protocols, policies, and procedures are up to date and relevant.
For instance, do you have a verification process in place for requests to change bank account details?
If your employees work from home all or part of the week, do you have clear policies and procedures on how they should handle sensitive information and financial transactions?
Dual authorisation and two-factor authentication
Dual authorisation is where you require two people in a business to approve a third-party transaction or authorise payees or payments. As you would expect, it provides an extra layer of security against fraudulent activity, among other things. Ask your bank for more information about how to set it up.
Many online services or computer software platforms offer two-factor authentication as an extra layer of security. This is where you enter a code sent to your phone or email, in addition to your password, to access your work accounts.
Invoice redirection
The majority of cases seen by FraudSMART are invoice redirection scams, with losses of €15.7m reported between January 2023 and December 2024 as a result of this type of fraud.
Invoice redirection fraud is where fraudsters hack or copy the email of a known supplier and send what appears to be a legitimate message claiming that the supplier has moved bank account and requesting that the payment details be updated. When a legitimate invoice is issued by the supplier at a later date, the business ends up paying it into the “new account” controlled by the fraudster.
This means that all businesses should review invoices thoroughly and ensure there are no irregularities. An extra layer of protection would be to implement a procedure to independently verify payment requests from suppliers, such as dual authorisation or two-factor authentication.
Regularly update operating systems
Ensuring that your company’s computer and mobile device operating systems are regularly updated is an important buffer against fraud.
Regular operating system updates will include security patches to fix flaws that hackers have been known to exploit, and can also include improvements or fixes to malware detection systems.
Cyber liability insurance
An option for some firms, particularly if their business deals in a lot of customer personal data, is to take out cyber liability insurance, which covers financial losses that result from data breaches and other cyber events.
This type of insurance can cover losses sustained directly by your company as a result of cyberattacks, as well as claims protection from third parties (e.g. a client sues you for negligence after his personal data is stolen from your computer system and released online).