How one business improved their cyber security after one of their suppliers was hacked.
Small business is the backbone of the UK economy, making up most of the private sector and providing over 60% of total employment. Business in the Community’s Business Emergency Resilience Group (BERG) believes responsible businesses are resilient businesses. We help small businesses to be more prepared for business disruptions such as a flood, fire or cyber-attack. We also respond to requests from Local Resilience Forums (LRFs) by asking our large business members to provide support for communities in the event of an emergency.
Read about what a small business has done to make themselves more resilient following one of their suppliers being.
Acumen Waste Services is a leading provider of industrial site services and waste management solutions across Great Britain. Acumen has 100 employees and its head office is in West Yorkshire.
In September 2018, one of Acumen’s suppliers was the subject of fraud which cost them £87,000. Fraudsters hacked into the email account of Acumen’s supplier and monitored incoming emails, looking for high-value invoices.
Through their monitoring, the hackers found an invoice from Acumen and then proceeded to undertake a few key steps to dupe Acumen’s supplier into believing that they were Acumen by setting up an email address and a website that was an exact replica of Acumen’s but with an extra ‘s’ on the end.
They emailed Acumen’s supplier and reproduced their invoices with amended bank details, asking for payment to be made to the new bank details. Unfortunately, the supplier made the payment and only found out that they had been the subject of fraud when Acumen chased for their payment a week or two later.
Acumen and its supplier reported the scam to the police and Action Fraud; unfortunately, they received no response.
Needless to say, Acumen’s senior employees were concerned about the risk of a similar attack on their own business. They decided they needed more robust systems and a much higher level of understanding of cyber-attacks throughout the company.
Acumen have now implemented a triple sign-off system for all payments made to suppliers. They have also put in place a segregation of duties: the person reconciling payments is different to the one approving and different again to the one paying. All changes to bank details are checked by two people and only one person can update the system.
As well as changing system processes, all accounts employees were put through a Barclays’ Digital Eagles cyber security briefing. Cyber-related updates are now issued to all staff, in particular information about cyber-attacks, phishing and email security. Acumen have an IT company that provides technical support and all employees are encouraged to report any and all emails that look suspicious, which are far more prevalent today than they have ever been.
Kris Sutton, Finance Director of Acumen: “We are very aware of the constant threat of cyber-attacks, fraud and email phishing and have seen first-hand how clever these criminals can be. I would encourage everyone to undertake an ethical hacking check and constantly review their processes. Speak to suppliers and customers personally, ones that you know, to ensure that they are who you think they are. A simple call to me would have stopped our suppliers from being defrauded of £87k.”
For the longer term, Acumen will continue with their checking and vigilance, communication and sharing of threats and phishing examples. And the £87,000 invoice to the supplier? The supplier paid in full; importantly, they also underwent a full and detailed cyber audit.
For more information on how to make your business prepared for a range of disruptions, we recommend taking the BITC’s Readiness Test at www.wouldyoubeready.org.uk, downloading our resilience top tips and opting into our online community.