“Scary new viruses emerge abruptly in our modern world, provoking stark headlines and demands for bold government action”
That’s the opening line to a National Geographic report  into the Zika virus whose existence threatened the security of the Olympic Games and other events in 2016, but it could equally apply to any number of computer viruses which have been hitting the headlines in 2017. Read on and the parallels become even starker; the explosive spread, the unwitting vectors who transmit the virus onwards, the lack of action by the authorities in the early days.
Now turn to a National Audit Office report into online fraud which was released at the end of June 2017. The statistics reveal a horrifying story. In the year to September 2016 it is estimated there were 1.9 million cyber-related frauds in the UK, costing private individuals and the private sector £10 billion and £144 billion respectively. Despite this, the foreword to the report makes the observation that:
“For too long, as a low value but high volume crime, online fraud has been overlooked by government, law enforcement and industry. It is now the most commonly experienced crime in England and Wales and demands an urgent response.”
The losses revealed by the report are frightening enough but they don’t even take into account the cost to industry and the country as a whole as a result of the recent cyber attacks. The stark truth is that we are like infants playing with the wonder of an interconnected world and far too many of us have yet to learn how to recognise and prevent harm, to play safely.
Whilst the NAO report makes a number of recommendations they are mainly concerned with the way in which the authorities should identify and collaborate on fraud prevention measures in the future. But prevention is not solely a matter for the authorities. It is up to every individual and every business to become more aware of the dangers posed by online viruses and fraud. When it comes to business that means incorporating awareness into the culture.
Digital security is a state of mind and as with any other organisational culture attributes you aren’t going to engage people in the right attitude simply by getting them to sign a piece of paper once a year or forcing them to sit through a fraud awareness lecture. To be effective, digital security awareness has to permeate every action and decision within the organisation. Yes some of that can be inbuilt into systems, blocking certain pathways and making sure that virus protection firewalls are strong but the people factor is equally, if not more, important.
Governments and police forces may now be awake to the seriousness of the situation, they may respond to the NAO report and take action, but at the end of the day the best fraud prevention comes from not allowing the fraudsters to gain access to systems, data or finance. When people engage with digital security they think before they click on a link, they don’t take customer or other secure data out of the office on an unprotected device, and they certainly don’t respond to requests for invoice or other payments outside of the approved pathways. In other words; with security awareness built into the culture your people are your first line of defence, helping to protect the company and its customers from the dangers of an interconnected world.