The National Association of Shopfitters (NAS) has recently been contacted by two members who have fallen victim to cyber scams.
In both cases, fraudsters impersonated the contractor and demanded their clients paid alternative bank accounts – either through a payment link, or through a change of account details. The clients then paid the scammers, resulting in difficulty for all concerned.
In one case, the client has held the contractor responsible for a £250k loss and has refused to make a further payment – threatening the future of the contractor. The client has disengaged with the contractor, despite a long-term working relationship, holding them responsible.
Cyber crime against businesses in the UK had been decreasing pre-pandemic. Roughly 1 in 2 businesses had reported suffering a cyber attack in 2017, which decreased to 1 in 3 by 2019. However, likely as a result of changes in working practices brought about by lockdowns, reported cyber crime has returned to 2017 levels.
In fact, the UK has the highest number of cyber crime victims per million internet users at 4,783 in 2022 – more than 3 times the nearest comparator (the USA) with 1,494. It is a reality that all businesses need to be aware of and a plan to mitigate the risk of.
What can we do?
The NAS has provided its members with a number of options to help safeguard against the threat of cyber crime:
Launched in late-November 2022, the NAS offers its members free online learning via EdApp. With modules including Cyber Security for Business Owners, Managers, and Staff, we have provided plenty of information to help you understand, prepare, and mitigate the threat of cyber crime.
Cyber insurance is a form of cover designed to protect your business from cyber threats, such as data breaches or malicious cyber hacks on work computer systems. In the event of a cyber attack, most cyber insurance policies will cover the first-party and third-party financial and reputational costs if data or electronic systems have been lost, damaged, stolen or corrupted. For more information about cyber insurance, please contact Darwin Clayton insurance.
Holmes and Hills Solicitors provided advice to one NAS member who’s client had paid via amended bank details. Their view was that it was the client’s responsibility to bear the impact, as they had been persuaded to pay into a different account. However, due to the client refusing to accept responsibility, it is increasingly likely that legal action will be needed to enforce this, which will come at a cost.
The recommendation from Holmes and Hills is that NAS members strengthen their position by adopting the following practice:
- Have an internal policy for how and when they share bank details,
- Communicate that policy to clients.
The NAS has interpreted this advice and produced a template letter that can be personalised and used by our members. You can download this template below.