Tesco Bank attack highlights importance of implementing effective fraud prevention measures

Tesco Bank has made headlines in recent days after tens of thousands of customers fell victim to fraudulent attacks on their online bank accounts.

As many as 40,000 Tesco Bank account holders spotted suspicious activity online over Bonfire Night weekend – many of whom lost hundreds of pounds as a result of the cyber-attack.

Tesco managed to pick up on the fraudulent activity Saturday evening – and sent automated text messages to customers who had been affected. The grocery giant’s banking arm has also announced that affected parties will be reimbursed for any funds lost as a result of the attack.

Such frightening fraudulent activity raises a number of questions. Perhaps most significantly – What can companies do to protect themselves from fraudulent activity? Businesses should consider the following tips:

1. Use a firewall and always download (and keep up-to-date) antivirus and anti-malware programs on all computer-based systems.
2. Identify and monitor any tangible and intangible company assets, including data – and protect these against internal and external threats by limiting access to unauthorised people.
3. Restrict access to anything your employees do not specifically need to know in order to do their job. From false invoices and travel and subsistence claims to targeted assets, internal threats are surprisingly common. Restricting access to sensitive information will also go a long way to prevent fraudsters from posing as employees to obtain or manipulate vulnerable information.
4. Refer to Financial Fraud Action UK’s guidance on how to protect yourself from fraudulent activity when making electronic payments.
5. Refer to the Bank of England’s guidance on how to spot counterfeit currency in any instances your company finds itself dealing with cash.
6. Make sure your business has in place a suitable policy dealing with the use of your IT and communications system. All staff should be aware of the importance of complying with this policy.