There are many different ways fraudsters can commit financial fraud. Online methods such as phishing and malware can give criminals access to passwords and account numbers, while social engineering can allow them to impersonate individuals. Below, we look at some of the most common types of fraud, explaining what they mean and how you and your business can avoid becoming a victim.
Business owners and managers in legal businesses may be more aware than some that they are at risk, but do you and all your colleagues know the main ways businesses are targeted by fraudsters? Read below about the main types of business fraud and how to protect yourself.
Most businesses have an online presence and all use technology to communicate. Criminals continue to develop techniques to exploit weaknesses in computer systems. They can also trick staff into downloading malicious software or releasing customer information. Understanding how to protect your business from this threat is essential.
To protect the public, the websites of all CLC regulated practices must carry a compulsory secure badge to reduce the risk of impersonation through cloned or copied websites and help identify fake firms that claim to be regulated by the CLC.
If you have any doubt click on the badge on a CLC Regulated Practice's website to see information about the firm.
National Cyber Security Centre recommendations to protect against ransomware.
The NCSC's Early Warning service is free and uses a range of information feeds to notify organisations of cyber incidents, malicious activity and web-based vulnerabilities on their public-facing domains and IP ranges. It also ensures that the NCSC can contact organisations quickly in case of an incident. You can sign up here.
The NCSC urges all organisations to follow its guidance on mitigating malware and ransomware. It details a number of steps organisations can take to disrupt ransomware attack vectors and enable effective recovery from ransomware attacks. This may be a significant undertaking, so we have listed some quick, initial steps below.
What would you do if your business files were lost to ransomware? To get back up and running we recommend offline backups, to enable quick restoration of business functions. In addition to encrypting files on your computers, ransomware attackers will often attempt to corrupt or alter existing backups. Offline backups are your best defence: encrypted devices can be wiped and restored from them.
Offline backups (in the cloud or on disconnected physical media) are backups where the data is protected from accidental or malicious deletion. They should also offer version retrieval, so that if ransomware removes access to files, you can recover them from a previous version. For more information, read the NCSC blog on backups.
We recommend signing up for the NCSC’s free exercising tool. Have a look in particular at the ransomware and supply chain exercises.
Remote Desktop Protocol (RDP) account compromise is the source of 50% of ransomware attacks. Where possible we suggest you turn it off. In order to do that you need to understand whether you have it. NCSC's Early Warning service will help you know and provide many other benefits. If you identify RDP and didn't know it was on, turn it off.
If you have to use RDP, we recommend using multi-factor authentication and following this guidance. Also follow the principles of privileged access management.
Make sure that the accounts that are allowed to use it have unique passwords - try #3randomwords.
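To find out whether RDP is enabled on a Windows host, as the steps above require, the following added audit script (not from the CLC or NCSC, and assuming a Windows 8 / Server 2012 or later host run from an elevated PowerShell session) reports the Remote Desktop setting, whether Network Level Authentication is required, whether anything is listening on the default port and whether the firewall exception is open, and can optionally turn RDP off:

```powershell
# Added example (not from the CLC page): audit whether Remote Desktop is
# enabled on this Windows host and, optionally, turn it off.
# Assumes Windows 8 / Server 2012 or later with the NetSecurity and NetTCPIP
# modules available. Run from an elevated PowerShell session.
[CmdletBinding()]
param(
    [switch]$Disable   # pass -Disable to switch RDP off after the audit
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections `
             -ErrorAction SilentlyContinue).fDenyTSConnections
# UserAuthentication = 1 means Network Level Authentication is required.
$nla  = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication `
             -ErrorAction SilentlyContinue).UserAuthentication
# Is anything actually listening on the default RDP port (3389)?
$listening = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen `
                        -ErrorAction SilentlyContinue)
# Are the built-in "Remote Desktop" firewall rules enabled?
$fwOpen = [bool](Get-NetFirewallRule -DisplayGroup 'Remote Desktop' `
                     -Enabled True -ErrorAction SilentlyContinue)

# Summary of the host's RDP exposure.
[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    RdpEnabled        = ($deny -eq 0)
    NlaRequired       = ($nla -eq 1)
    ListeningOn3389   = $listening
    FirewallRulesOpen = $fwOpen
} | Format-List

if ($Disable) {
    # Deny new RDP connections and close the firewall exception.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    Write-Output 'Remote Desktop has been disabled on this host.'
}
```

Run it without -Disable first; an RdpEnabled value of True on a machine where nobody expected RDP to be on is exactly the case the guidance above tells you to act on.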