Are alarms bells ringing in your office this month? If not, they should be.
The shocking, if self-inflicted, data breach of the Police Service of Northern Ireland, putting 10,000 employee Iives at risk, is a siren wake up call for every UK citizen and institution.
From the NHS to academics, everyone has been far too slack to upgrade their security protocols.
Criminals, terrorists and foreign powers do not just home in on big institutions and government. They are out for you.
IFAs are prime targets. Be on your guard, criminals exploit every weak link. They will use you as a conduit to the ‘big guns’ – banks and insurers.
As far back as 2017 Amyas Morse, then head of the National Audit Office, stressed: “For too long, as a low value but high volume crime, online fraud has been overlooked by government, law enforcement and industry. It is now the most commonly experienced crime in England and Wales and demands an urgent response."
Even years on, there has been no fundamental change; it seems a real life version of the famous play Waiting for Godot.
In November 2022, the NAO noted: "Fraud was the largest category of crime in England and Wales in the year ending June 2022, amounting to 41 per cent of all crimes against individuals, compared to 30 per cent in the year ending March 2017.
"The cost of fraud to individuals is £4.7bn – but we can’t even shine a light on the cost of fraud to businesses as so far there is no accurate aggregate data.”
Shockingly, the NAO points a finger at the Home Office, accusing it of “a limited understanding of who commits fraud and those who enable it by their action or inaction.”
Officialdom from police to judges seems hamstrung. Some believe judges do not issue harsh enough sentences. In any case, even the toughest sentence is no deterrent. The likelihood of getting caught is as remote as winning the lottery.
That is not hyperbole. As recent a victim of attempted ID theft myself, I dutifully tried to log this attempted fraud on me.
Superficially, I suffered no actual loss. Action Fraud's website was lukewarm in encouraging people in my situation from even logging this type of attempt.
Yet my attempted ID theft felt like a violation. I lost a day's fees; as a freelancer, no work means no pay and no revenue, however minuscule, that day for me from HMRC (as it took a while to grapple with call centres to secure my data). Their time in clearing up the mess is also unrecorded in official data.