JPP Law Blog
Protecting your business against online fraud
Online fraud is now the most prevalent crime in England and Wales, affecting both individuals and businesses of all sizes to the tune of around £10 billion a year. The complexity with which cyber fraud can be carried out and the increasingly clever ways that criminals conceal themselves make the threat very difficult to manage.
Businesses of all sizes are vulnerable, with common weaknesses arising from poor password security, inadequate antivirus protection, vulnerable wireless networks and antiquated software, lack of up to date policies and staff training. But there are steps that you can take to protect your business and it may be possible to recover losses if legal action is taken swiftly.
The consequences of your business being a victim of online fraud can be significant. As well as the obvious direct financial implications, including on your insurance premium, service or production may be interrupted, particularly where there has been an attack on your network.
Your business will also have to allocate time and resources to dealing with the recovery of assets and managing the expectations and concerns of clients. The reputation of your company may suffer, particularly if former or current employees are implicated in the fraudulent activity.
Three key areas to beware of are invoice fraud, phishing and cloning
Invoice fraud
Invoice fraud occurs where the fraudster creates and sends you an invoice that looks identical to that of a legitimate supplier. It may appear to come from a genuine email address.
You may also be vulnerable to telephone fraud where staff are tricked into revealing important bank account payment details. Employees are then duped into transferring money under false pretences.
With multiple requests for payment coming into a company, it can be easy for a fraudulent invoice to go unnoticed or for an accounts department to be deceived into providing financial information.
Phishing
Phishing emails are a means of fraudulently attempting to obtain sensitive information such as usernames, passwords and credit card details.
Fraudsters are constantly developing the use of email for criminal activity, including disguising emails as a reply to a previous email and asking the recipient to click a link. The link enables malware to be downloaded onto the recipient's computer, which can then be used to steal sensitive information.
Cloning
Another tactic is to clone your entire website to divert traffic from your business. This will have an effect on your financial viability and your reputation when customers start to complain that they have not received the goods or services which they ordered. Clients may also be misled into transferring money or providing sensitive information.
If you own the copyright in the design and content of your website, there is also the possibility that your company's intellectual property rights may have been infringed if someone reproduces your website without your permission.
Minimising the risks
The first step is to ensure that you have robust security protections in place. Installing and regularly updating antivirus software and firewalls is crucial, as is ensuring your wireless network is sufficiently secure.
Second, implement a robust password policy that requires staff to choose combinations of letters, characters and numbers and put in place training on the dangers of opening phishing emails and the importance of verifying the authenticity of invoices.
Having adequate insurance cover against online fraud is vital, as is maintaining disaster recovery plans and procedures.
It is worth carrying out an audit of your systems and business practices to assess where your weaknesses may lie. For example, if you regularly have a low staff presence during holiday periods, consider taking steps to change this. Is your social media policy sufficiently strong to prevent the leakage of sensitive information? Consider also limiting the number of staff who have access to sensitive documents and restricting remote access to confidential files. You should carry out regular monitoring of the internet to identify potential clones.
How your solicitor can help
If you discover that your business has been the victim of fraud, you should seek legal advice straight away. Acting quickly gives your solicitor the best chance of being able to trace and recover stolen money.
This may include asking a court for an injunction, called a freezing order, to prevent the funds from being dispersed around the world. Recently, an important court ruling decided that worldwide freezing orders can be made even where the identities of the criminals are unknown.
Your solicitor can advise you on employment issues where an employee or director is involved in the fraud, and on reputation management to make sure your business is protected as far as possible.
The best way to protect your organisation is to put in place strong and effective measures to prevent online fraud. By considering the risks early and instilling a culture of awareness, you are already one step ahead.
For further advice on any of the issues raised in this article, or for commercial law advice more generally, please contact JPP Law on 020 3468 3064 or email info@jpplaw.co.uk.
JPP Law Blog

- Case Studies and Reviews (9)
- Commercial Law (89)
- Dispute Resolution (27)
- Employment Law (118)
- Intellectual Property (2)
- Start-ups (20)
- Videos (8)
- 2021 February (1)
- 2021 January (1)
- 2020 December (1)
- 2020 November (2)
- 2020 October (2)
- 2020 September (2)
- 2020 August (1)
- 2020 July (3)
- 2020 June (1)
- 2020 May (3)
- 2020 April (1)
- 2020 March (2)
- 2020 February (2)
- 2020 January (2)
- 2019 December (2)
- 2019 October (1)
- 2019 September (5)
- 2019 July (3)
- 2019 June (2)
- 2019 May (2)
- 2019 April (3)
- 2019 March (2)
- 2019 February (2)
- 2019 January (2)
- 2018 December (2)
- 2018 October (4)
- 2018 September (12)
- 2018 February (6)
- 2018 January (7)
- 2017 December (2)
- 2018 July (14)
- 2018 June (2)
- 2018 May (13)
- 2018 April (8)
- 2018 March (11)
- 2017 November (6)
- 2017 October (12)
- 2017 September (14)
- 2017 July (7)
- 2017 June (10)
- 2017 May (6)
- 2017 April (4)
- 2017 March (11)
- 2017 February (6)
- 2017 January (1)
- 2016 December (2)
- 2016 September (4)
- 2016 July (1)