Combatting cyber threats: how to protect your business

Karl Hoods, Chief Digital & Information Officer at the Department for Business, Energy and Industrial Strategy, talks to Reed about how you can protect your business from cyber security threats.


As companies continue to utilise workplace technologies to allow their business to grow and develop, the risk of cyber security attacks increases tenfold.

According to PwC, Swiss companies suffer ransomware attacks around every 11 seconds. Medium-sized Swiss companies suffer average damage of about CHF 6 million per cyberattack.

Now more than ever, companies across the world are trying to prevent cyber attacks. Because of this, the role of information technology in the workplace becomes even more critical for businesses, not only to protect their assets but also to lead towards a sustainable future.

We interviewed Karl Hoods, Chief Digital & Information Officer (CDIO) at the Department for Business, Energy and Industrial Strategy (BEIS) - UK, to find out what companies can do to protect their business from cyber security threats.

Watch the full interview with Karl, where he goes into detail on the importance of IT within business and how it has changed, alongside how companies can protect themselves from cyber attacks and the ‘must haves’ that can help ensure protection and sustainability for your business, here:

The role of IT in business

Information technology and the IT department now play a crucial role within any business, as the emphasis on monitoring and managing technology and communication systems grows.

There are very few companies now that don’t have an IT department or a professional who looks after the digital elements of the organisation. From being able to send an email, to changing and verifying a password, accessing and maintaining databases and troubleshooting, information technology allows businesses to become more efficient and productive.

While the role of the IT department still encompasses day-to-day operations, its responsibilities and strategic direction have changed exponentially, according to the CDIO at BEIS, Karl Hoods.

He said: “I think the role of the IT department, or the digital department, is incredibly important.

“There aren't many industries that don't have any reliance on technology at all. It's really a relationship that needs to continue to develop and evolve because there's so much value that technology can bring to everyday activities, from productivity if you're working in the office, through to manufacturing and what that can actually mean for output.

“IT has definitely progressed over the years, from being a supporting function to being something which should be integral to the operation of the organisation you’re in.”

Protecting your business

The need to protect your business from cyber-attacks has never been greater, and global governments continue to urge businesses to strengthen their cybersecurity practices. According to PwC, in 2020, 20,544 cases of cybercrime were reported in Switzerland, and 16,395 of these were classified as cyber fraud.

Conducting business through digital means can bring a host of opportunities and benefits to the fore, including the ability to email safely, store data, work remotely, and manage everyday operations. On the other hand, having a digital workstream can increase the risk of a cyber attack.

While cyber-attacks can be hard to predict, Karl believes it’s imperative that companies look into potential risks to ensure that the business can remain functional, operational and secure.

He said: “There's definitely a conversation to be had about understanding what the threats are and really getting your head around that.”

"From a cyber perspective, we've recently seen the exponential growth in cyber activity and cyber threats. It hits every part of every organisation and it can be incredibly disruptive. You need to look at your own risk as an organisation and where your threat vectors are, where you might have some weaknesses, where you might be exposed and then look to plug those."

Karl Hoods, Chief Information & Digital Officer, BEIS

In most cases, today’s technology tools come equipped with the necessary protection that allows businesses to safely go about their day-to-day operations. But making sure you understand how to use the tools is paramount.

Karl adds: “If you're using things like Office 365 or Google Workspace, they all come with tools which can help you. If you don't know how to use them, get some advice on what to do with that – an independent view is beneficial.

“Once you've got that base level of technology protection, then you can look to see how you can evolve that over time. There's also scope to put into place a technology recovery process, as well as a wider business recovery that needs to be done as well.

“Really understanding the key recovery processes, the key people and how long you can survive without having access to the technology is incredibly important.”

The technology ‘must haves’

Protecting your business in a digital world will allow your business to be both sustainable and progressive – but to do so, employers need to make sure that they’re doing everything possible from an IT standpoint.

There are certain processes and tools that can be put in place that will protect a business in both the short and long term. Because IT departments have gone from being purely ‘reactive’ to ‘proactive’, there are multiple ways that companies can firewall their digital assets, believes Karl.

He said: “So the ‘must haves’ are an awareness of the threats. Then there are basic principles that you need to employ which all come down to people a lot of the time. That includes the need for strong passwords, two-factor authentication, all those kinds of things that you need to put in place.

“If you look at the history of some of the compromises that happen, they are around compromised accounts, around credentials that are not being rotated often enough for admin accounts, etc. There's a similar pattern emerging over and over again – usually down to a flaw in the process.

“Focus on understanding your threats, understand where your weaknesses are, and plug those where you can. Also having a really strong user training and awareness programme is incredibly key because people are the weak spot in many of these things.”

Focusing on the employee

Companies need to take the time to invest in their employees to ensure security breaches, no matter the size, can be prevented.

Researchers from Stanford University suggest that approximately 88% of all data breaches are caused by an employee mistake. Human error is still very much the driving force behind an overwhelming majority of cyber security problems, which makes upskilling your employees more important.

Karl believes that “no matter what technology you've got in place, there’s always a weak point which can be individuals, whether that's malicious or just a genuine mistake.

“Investing in the technology, the processes and the people in terms of upskilling has got to be key for any organisation of any size to recover.

“We all get phishing attacks and malware attacks at home. Just because you've come into the office doesn't mean to say that everything's taken care of by the security or technology team.

“It's just about keeping abreast of that, keeping up to date, making people aware of the consequences and understanding what the outcomes could be.”

According to software company Symantec, in the UK, one in every 3,722 emails is a phishing attempt, further reinforcing the need to make employees aware of any potential threats that can occur both within the office and while working from home.

Karl adds: “If there is a breach, it’s about knowing who to notify when something happens, even if you're unsure whether it's a breach or not.

“It's better to put your hand up and say, ‘can you look at it for me?’ rather than just say ‘I'm not quite sure’ and let it go so even more damage can be done.

“There are lots of software and courses that are available. It can be very much bitesize and consumable on the move, just short little snippets of information that can really help to protect your business.”

Growing awareness business wide

As the IT department’s roles and responsibilities evolve, so too does their ability to influence and inform senior leaders, which is crucial when it comes to the prevention and awareness of cyber security measures.

Growing awareness around cyber security isn’t just for entry-level employees; it must encompass all departments, from graduates all the way up to C-suite executives and the board.

"There’s this concept of the ‘human firewall’ that is what we really need inside organisations."

Karl Hoods, Chief Information & Digital Officer, BEIS

Karl said: “Awareness should start in general terms so that people know how to protect themselves, know not to click on links that they don't expect to receive – for all employees at all levels.

“It isn't just focused on the most junior person in the organisation. This needs to be right up to board level and down, everyone needs to understand the role that they play in protecting the organisation.”

Are you looking for a talented IT professional to drive your business’ growth? Get in touch with our specialist recruiter now.

You may also be interested in...

Five tips for working parents from a work-at-home mum

Let’s face it, trying to fit work around your family isn’t easy…

If you’re a working parent, you’ll no doubt know the struggles that come with balancing a career and kids. To help you find the balance, our sister company Reed.co.uk teamed up with expert blogger and work-at-home mum of four, Leyla Preston, and asked her to share her top tips for working parents.

Embrace the dance between flexibility and routine

Finding harmony between flexibility and a well-structured day can feel challenging at the best of times. But over 14 years, I’ve learned to work with my children’s needs while keeping a steady beat with my work tasks – not the other way around. This means waking before the kids for an hour of focused work, as well as syncing my most demanding work tasks with my youngest’s nap times.

It’s not easy and you won’t be able to perform both to the best of your ability if you’re managing both work and childcare at the same time. But, if that’s your situation, you have to do the best you can with what you have to do. 

Carve out an office 

Find a place in the corner of your house that you can designate as your ‘office space’.

There’s a good chance you’ll often be on the move with your laptop (because of traveling with the kids). But it’s important your brain becomes accustomed to a place in the house that’s purely for switching gears into ‘work mode’. For me, it’s now at the end of the dining room, overlooking the lounge. That way I can keep an eye on the kids, and work at the same time. 

Master the art of prioritization so you can be productive

The Eisenhower Matrix isn’t just a tool – it transforms overwhelming to-do lists into actionable and consumable tasks. Work out which of your tasks are urgent and prioritize those. And the tasks that aren’t urgent or important? Delete. Try and stick to five tasks a day for work, prioritized in order of importance and urgency. Whatever can’t be done, gets rolled over to tomorrow.

You may think, ‘I can’t do that!’, but if you’re overwhelmed, overstimulated, and overworked, you won’t be completing any task, let alone the ones you tried to cram into an already sardined day.  

Self-care is vital 

Your mental health and physical health demand relaxation and rejuvenation, and when you’re stressed, you tend to overlook this very important part of your day. It could be five minutes of drinking tea in peace, going for a walk, or doing 30 minutes of exercise (my number one therapy). Whatever it is, build it into your routine, so you keep your sanity and manage the chaos around your work-from-home life.

Remember, you’re no good to anyone if your mental and physical health is compromised.

Find your tribe (and don’t be afraid to ask for – and provide – help)

They say it takes a village to raise a child, and I’ve found it also takes one to nurture a dream. Building a network of fellow warriors — parents who understand the juggle, professionals who share the hustle, and family and friends who know your soul — creates a tapestry of support that can catch us when we fall and propel us forward.

Don’t be afraid to ask for help if you’re struggling and pay it forward when others need help. You’ll never know when that one person you helped will return and pay it back in dividends.

Looking for a role you can fit around your family commitments? View all available jobs now.

Hiring fraud: how to safeguard your organisation

To combat the rising tide of hiring fraud, Reed Screening recently joined forces with the Better Hiring Institute and fraud prevention experts Cifas and ST Smith, to launch guidance for employers. This free, comprehensive eBook is now available to download and provides the latest insight into the gravity and scale of threat facing organisations today.

Complete with case studies highlighting common criminal activity, such as resume fraud and employment scams, the guidance offers solutions to counter these tech-based crimes, helping to protect your recruitment teams from falling victim to imposters and impersonators.

We spoke to Keith Rosser, Director of Group Risk & Reed Screening – Reed, about the new guide, Tackling hiring fraud: the response to a growing problem.

Q: How worried should employers be about hiring fraud – what are the worst-case scenarios?

A: Employers should be very worried about hiring fraud. At Reed Screening, we have made huge progress over the last few years in making hiring faster globally, including being referenced by UK government for our work on digital right to work. However, with the development of technology and improvements in the speed of hiring, we have seen an acceleration and amplification of fraud.

The worst-case scenario could be hiring a bad actor who defrauds the company for significant amounts of money leading to job layoffs and even worse. It could be organised criminal groups putting someone inside an organisation from where they can do significant harm through data theft or financial fraud.

Q: Are some organisations more at risk than others?

A: The risks are different. Financial institutions are clearly big targets for organised crime or even individual bad actors. But hiring fraud includes sex offenders getting work with the vulnerable through new ways of changing identity. Hiring fraud also includes unqualified people getting into roles by falsifying their claims on CVs, such as unqualified nurses let loose on wards.

Digital right to work has changed the way illegal working presents itself, meaning all companies are exposed to hiring fraud that involves illegal working.

Q: Are there statistics that illustrate the impact of hiring fraud, compared with pre-AI times?

A: Stats from Cifas’ Fraudscape 23 report include:

  • An 84% rise in false identities

  • Deepfake videos increasing at an annual rate of 900%

  • 10% of UK adults have lied about their degree qualification within a 12-month period, compared with 8% in 2021

A study by Forbes in 2023 also found that 70% of workers lie on their CV.

Q: The new guidance lists fraud across many areas. Can you highlight a few of the most effective tools and practices to detect/prevent them?

A: The two current greatest threats to employers are arguably ‘reference houses’ and artificial intelligence (AI). Reference houses are sophisticated, organised attempts at helping people deceive the hiring process. Over 100 reference houses were identified in 2023 alone. AI is already being abused by some jobseekers to fool interview processes or identity systems through deep fakes. For both, it is essential employers have access to known databases of reference houses and use referencing providers with built-in technology to identify reference houses.

At Reed Screening, we typically flag a few reference houses a month using technology. With regards to AI, employers need to decide what their position is on its use by applicants. The most sensible approach is to allow it, as studies have shown its value in attracting Gen Z workers – but be sure to provide information and rules on how to use it correctly when hiring.

Reed Screening spoke alongside Lord Holmes, academics, legal professionals, and industry at a recent parliamentary briefing on AI in hiring, and we are soon to co-launch the first set of industry best practice on the subject.

Q: Of the different types of hiring fraud, which do you feel presents the biggest challenge for organisations?

A: While a number of areas such as the changing nature of immigration fraud, reference houses, and employment scams are rapidly on the rise and posing important questions to business, the single biggest issue is going to be the misuse of AI in hiring. It is already here, with industry studies suggesting seven-in-10 job applicants have already used AI in some way during their job search.

AI has a lot of exciting benefits and will create a lot of positive opportunities, but it can be misused too. How will companies in future ensure they are hiring the right people when ChatGPT can be employed with competency-based applications and interviews? AI-powered services are already in place tailoring en masse whatever jobseekers put on their CV to meet the requirements of multiple jobs, and deepfakes and associated technology are developing at a fast rate to impersonate people, driving identity fraud and fooling employers.

We are in the foothills about to start the climb, but the pace of change will be like nothing we have seen before. The only comparison I can draw would be the dawn of the internet. AI will be that impactful on hiring.

Q: How might overstretched businesses cope with the costs of implementing/updating safeguarding measures?

A: The challenge for employers is that hiring fraud and available technology to combat it are continuously evolving. Outsourcing is not only the easiest way to remedy this, it is usually the most cost-effective solution too. With many screening companies operating now owned by global firms, never has it been more important to choose the right specialist developing the future policy, legislation, and systems needed to respond.

Q: What action should organisations take if they suspect fraudulent hiring activity?

A: The free guide, spearheaded by the Better Hiring Institute, ‘Tackling hiring fraud: the response to a growing problem’, and co-written by Reed Screening and Cifas, contains a useful checklist for human resources directors and chief people officers to ensure their organisation has all the right defences in place. In terms of reporting issues, it depends on the type and nature of the fraud. If the fraud has been perpetrated by a recruitment agency or job board, this can be reported to the Employment Agency Standards Inspectorate to deal with non-compliant recruitment agencies.

Depending on the severity of the fraud, organisations may well also need to inform insurers, external auditors, and the police. Where an organisation identifies an individual applicant who has committed hiring fraud, in most cases this person will be rejected from the role on the grounds of dishonesty.

Q: How else can Reed Screening help employers?

A: Reed Screening is redefining employment screening. Having worked with the UK Home Office to develop digital right to work, we have since worked with various UK government departments to develop ways of making hiring faster. Our work in parliament has led to a range of changes and will continue to do so. All of that means Reed Screening can advise hirers on what the future holds, not just on what current legislation says.

As a UK-based, 24-7, family-owned business, we lead on UK employment screening while also having the capability to conduct screening globally. We have recently built brand-new technology platforms with a real focus on speed and candidate journey. As one of the biggest hiring organisations in the UK, we understand the importance of hiring quickly and efficiently with a strong candidate focus.

Our various roles across industry and UK government mean we are setting the new standards for hiring including national hiring frameworks, setting the standard on hiring fraud, and setting the direction on AI in hiring. Reed Screening also chairs the Criminal Records Trade Body as well as running the largest series of free webinars for employers on all aspects of screening and onboarding.

Download the free guide now: Tackling hiring fraud: the response to a growing problem.

Tackling hiring fraud guidance – free download

Hiring fraud is an insidious practice that undermines trust and poses significant financial and reputational risks for businesses. As employers strive to find the right talent, they must remain vigilant against fraudulent activities that can tarnish their operations and brand integrity.

Hiring fraud manifests in various forms, from falsified credentials and fabricated work histories to identity theft and impersonation. These tactics often deceive even the most astute recruiters, leading to the unwitting employment of unqualified or dishonest individuals. The consequences can be dire, ranging from decreased productivity and morale to legal liabilities and damage to company reputation.

Detecting fraudulent applications has become increasingly challenging. However, employers can use several strategies to safeguard their recruitment processes.

Most recently, Reed has contributed to the first guidance of its kind to help organisations protect their recruitment practices. ‘Tackling hiring fraud: the response to a growing problem’ serves as a frontline tool in the battle against fraudulent hiring activity.

Steps to a secure hiring process

The guide, fronted by the Better Hiring Institute, identifies nine types of fraudulent activity: reference fraud, qualification fraud, fake application documents, CV-based fraud, employment scams, manipulation of artificial intelligence, dual employment, immigration fraud and fraud as a result of recruitment agency usage. Each is addressed in detail with case studies and expert guidance on prevention.

As a rule, thorough background checks are indispensable. Employers should verify the authenticity of educational qualifications, professional certifications, and employment histories provided by candidates. Utilising reputable background screening services, such as Reed Screening, can help uncover discrepancies and ensure that prospective hires possess the credentials they claim.

Identity verification measures are essential. Adopting biometric authentication or identity verification technologies will help, reducing the likelihood of impersonation and identity theft.

Stringent interview processes can also serve as a deterrent against fraudulent candidates. Conducting multiple rounds of interviews, including in-person assessments, and soliciting detailed responses can help distinguish genuine candidates from impostors.

Technology can automate and streamline recruitment processes. Candidate tracking systems equipped with fraud detection algorithms can flag irregularities in applications, adding a further layer of protection.

It can also help to raise awareness of hiring fraud with your employees – encouraging them to report suspicious activities and provide avenues for whistleblowing. Providing guidance on how to spot red flags can have a ripple effect, protecting both the business and employees from falling victim to fraud in their career.

Protect your business with our hiring fraud guidance – free download

Technology has enabled criminals to take advantage of traditional recruitment processes, and organisations must adapt if they are to avoid CV fraud, employment scams, manipulation of AI tools and many more tactics.

Reed Screening, together with Better Hiring Institute and other partners, have defined hiring fraud as any fraud committed during the hiring process, which may be committed by an individual against an organisation, or by an entity against a jobseeker.

This comprehensive guide, ‘Tackling hiring fraud: the response to a growing problem’, identifies how employers can protect their organisations, using expert advice on how to prevent the most common criminal activity.

"Employers should be very worried about hiring fraud. At Reed Screening, we have made huge progress over the last few years in making hiring faster globally, including being referenced by UK government for our work on digital right to work. However, with the development of technology and improvements in the speed of hiring, we have seen an acceleration and amplification of fraud."

Keith Rosser
Director of Group Risk & Reed Screening – Reed

The new Better Hiring Institute free guide on tackling hiring fraud, co-written by Reed Screening and Cifas, contains a really useful checklist for HRDs (human resources directors) and CPOs (chief people officers) to use to ensure the company they represent has all the right defences in place.
