CPA Bulletin

www.cpa.uk.net CPA Bulletin > February 2018 21 Plant Theft: 1 COMBINED INDUSTRIES THEFT SOLUTIONS (CITS) CONFERENCE Themain topic of debate at the recent Combined Industries Theft Solutions (CITS) Conference, held at the NatWest offices in London, was the upsurge in fraud and cyber-crime with speakers providing good tips on how individuals and companies should keep their information safe. The Conference was titled ‘Fraud - The Elephant in the Room’. David Smith, CITS Chairman, stated that too many hire companies, particularly the smaller ones, still think that machine security is of paramount importance, whereas if their IT systems lack the latest security levels, it can place the business in greater financial risk. Steve Rodhouse, the Deputy Assistant Commissioner at the Metropolitan Police gave a key-note address revealing that fraud now far outweighs traditional crimes such as burglary or theft. He stated that it is very important for companies to report any fraud or attempted fraud to Action Fraud - www.actionfraud.police.uk Tim France - the Head of Fraud team at the Home Office - stated serious and organised crime now costs the UK at least £24bn a year. And The Office for National Statistics estimates that in the year ending June 2017, there were 3.3m fraud offences, of which 1.9mwere cyber related, and an additional 1.6m incidents of ‘computer misuse’. To help combat the most serious threats from fraud and linked crime-on-line, the Metropolitan Police had set up Operation Falcon. Detective Chief Inspector Gary Miles - Head of Operation Falcon - urged individuals and companies to ensure that their computer software is always up to date with the latest security systems. He also advised on having very robust passwords - not using dictionary words, always backing up data and ensuring that computer system access is immediately terminated for employees that leave the company. To show the varying levels of security, three example passwords were displayed to the audience together with the estimated time needed to crack them using a MacBook Pro. EXAMPLE PASSWORD TIME TAKEN TO CRACK THE PASSWORD oscar1990 5minutes O5caRd0g!990 9 years 19fisHboaTtuliP95 10,000+ centuries The Conference delegates were advised that good information on how to understand and combat fraud and cyber-crime can be obtained from such useful publications as “The Little Leaflet of Cyber Mistakes”, “The Little Book of Cyber Scams” and the “Little Book of Big Scams” from the Metropolitan Police (Tel: 020 7230 1228) and the leaflet “Take Five to Stop Fraud” (www.takefive-stopfraud.org.uk/) . Nicola Cobb - the Director of Risk Consulting at KMPG - highlighted the issues relating to internal fraud and corruption within a business. In particular she recommended having tight controls and a good “whistle blowing” procedure so that honest employees feel free to report less honourable colleagues. Another interesting speaker was Chris Diogenous, the Chief Information Officer of the London Digital Security Centre. He advised, “Cyber security needs to be brought up at board level. It is not an IT issue because the impact is not just financial loss and reputational loss. If something did go wrong, what would you do?” Hire companies must now be alert to the different methods fraudsters’ employ. These now include vishing (the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers) and bogus boss fraud. Also extremely prevalent now is the fraudulent practice of invoice redirection. So if you received a letter from a key supplier asking you to update account details you have on file, would you take this at face value or take steps to verify it? NatWest Fraud Analyst Sarah Grant urged the delegates to think about some of the larger amounts you pay to suppliers and what would you do if you had to pay that again? In particular she advised that if you get a request to change a supplier’s account details, call that supplier on a number you already have and verify everything independently. For more information on CITS, and to view the conference presentations go to www.theftsolutions.org . There will be another CITS conference in late 2018 in London. Further details will follow. PLANT THEFT