Cyber security: how to build a strong fraud prevention defence for your business

We take you through the three cyber-security essentials and suggest some free resources to help you build a robust line of defence against fraud.

The three pillars of a successful cyber-security strategy

When we think about online security, we tend to focus on antivirus software, but this is only one part of a robust defence. Businesses are often targeted with scams that focus on people and weaknesses in internal processes, not technology. 

If a scammer can deceive or manipulate just one person in your business, they can potentially bypass your other defences. Even tech-related cyber attacks, like malware and ransomware attacks, often begin with someone falling for a fake email or webpage and clicking on a link.

The National Cyber Security Centre (NCSC) recommends a ‘three pillars’ approach to online security. These pillars are: 

  • People
  • Processes
  • Technology

Having well-trained people, clear processes, and the right technology in place in a business helps provide a strong defence against fraud and scams. 

1. People: make sure staff are cyber aware

Most scams work by manipulating people, so the employees in your business will often be its first and strongest line of defence. Train your staff to spot the warning signs and you’ll be stopping most common scams before they can take root in your organisation.  

For example, emails are a large part of day-to-day operations, and fakes are designed to look familiar, making them challenging to spot. Criminals know this and use emails as the most common form of attack. It’s important your business is prepared to tackle this. 

What to do

  1. Teach your people the common red flags of malicious emails and phone calls with the help of these free training resources.
  2. Make security and scams subjects you talk about openly in your business.
  3. Encourage people to double-check and challenge anything that looks suspicious without fear of repercussion, even if it turns out not to be a scam.

2. Processes: have the right procedures in place for fraud reporting and making payments

Scams often work by putting people under pressure so that they act without thinking – what is known as social engineering. Even with the best training in place, mistakes can happen. That’s why a second crucial line of defence is having simple processes that everyone follows for making payments and reporting fraud.

Having an established fraud reporting process can help reduce the damage a scam causes once it has got through. Time is critical when it comes to scams, so making sure staff aren’t afraid to speak up when mistakes happen will help you respond quickly.

What to do 

  1. Ensure two staff members independently check account and payee details against the ones you hold on file before paying invoices. 
  2. Treat all requests for changes to contact information or account details as suspicious – whether they’re from a new supplier or an existing one – until they’re confirmed as legitimate.
  3. Confirm these types of requests through a trusted channel, like a phone call, before making any changes.  

3. Technology: helping to make online security easier

While having antivirus software is a crucial part of a strong defence, it’s not the only way technology can help protect your business. 

In the three pillars of defence framework, technology plays a vital role in supporting the people and processes pillars. For example, email scanning and filtering tools are helpful for highlighting suspicious emails. They alert staff, prompting them to take extra care when dealing with these emails. This shows how the technology and people pillars can work together to help protect your business. 

What to do

  1. Use strong passwords or a password manager to help protect your accounts from being compromised. 
  2. Pay attention to what confirmation of payee tells you when you’re making payments. It shows whether the name of your payee matches the account details you’ve entered and recommends the best action to take.

Further information on fraud prevention

With people, processes and technology working together, you’ll have an excellent security foundation to build on. For more guidance on spotting common scams, training staff, and embedding processes, join one of our free webinars. You can also explore the advice and resources offered by the National Cyber Security Centre.

This material is published by NatWest Group plc (“NatWest Group”), for information purposes only and should not be regarded as providing any specific advice. Recipients should make their own independent evaluation of this information and no action should be taken, solely relying on it. This material should not be reproduced or disclosed without our consent. It is not intended for distribution in any jurisdiction in which this would be prohibited. Whilst this information is believed to be reliable, it has not been independently verified by NatWest Group and NatWest Group makes no representation or warranty (express or implied) of any kind, as regards the accuracy or completeness of this information, nor does it accept any responsibility or liability for any loss or damage arising in any way from any use made of or reliance placed on, this information. Unless otherwise stated, any views, forecasts, or estimates are solely those of NatWest Group, as of this date and are subject to change without notice. Copyright © NatWest Group. All rights reserved.
