Bob Pointer - CFIL Global
Let’s not beat around the bush: fraud is at epidemic proportions and shows no signs of slowing down. The total cost of reported fraud in the UK from August 2016 to August 2017 is £193 billion, of which £144 billion was lost in the private sector, according to figures from Portsmouth University’s Centre for Counter Fraud Studies.
Furthermore, £1.9 billion of the private sector figures accounts for the cost of loss suffered by charities whilst £10 billion was against individuals. Whilst there is no official breakdown, my knowledge and experience lead me to the conclusion that at least 50% of the loss to individuals will be through or connected to their business (sole traders, micro companies).
The creation of a dedicated fraud reporting pathway, Action Fraud, which bypasses the Police and makes reporting much easier, is quoted regularly as the reason why the fraud figures have soared and keep on going up unabated. However, my experience on the ground is different; I meet many small businesses who don’t bother reporting fraud as they believe it’s just a paper exercise.
There is some truth in this. The sheer size of fraud coupled with ever decreasing numbers and higher and wider demands mean our Police service cannot effectively respond to every single report of fraud.
All reports made are sent directly to the National Fraud Intelligence Bureau (NFIB) where patterns and trends are identified, and where needed reports sent out to individual forces to deal. The NFIB also regularly shut down websites and act to deny service to fraudsters. Still it is a fact that over 95% of all reported frauds are not actively investigated.
Trends identified within the figures support the view that fraudsters are now turning their attentions towards smaller businesses and individuals.
Small businesses have significantly fewer anti-fraud controls than large organisations. This gap in fraud prevention and detection leaves small businesses susceptible to frauds that can cause significant harm to their limited finances.
The fact that small businesses, especially in locations like the Forest of Dean, tend to do business with people they know does offer some level of security.
However, the risks are not always from outside. As far back as 2015 compliance and risk specialists Kroll identified that globally 81% of reported fraud had an insider involvement to some extent.
There are two types of insiders - conscious and unconscious. Conscious Insiders are those who for whatever reason decide to work against the company – skimming money off sales, false invoicing, inflated expense claims etc. However, there are others who are just consciously incompetent, sloppy, inattentive and “wilfully blind” to the risks of their actions – they may have been told not to open email attachments from non-trusted sources, but they do it anyway.
Far more dangerous though are those individuals who are unconsciously incompetent – they simply don’t know what they don’t know – and here’s where I potentially upset and alienate readers because I’m sorry to say THIS COULD BE YOU!
This is not seeking to unjustly apportion blame; it is a fact that we all need but fail to keep ourselves updated to the risks and latest scams. Training companies know this, and it is often reflected in the cost of many programmes which prices out those who really could benefit from the knowledge.
This is what fellow CAP member Mark Davies and I seek to address, firstly by holding a 2-hour awareness session - GDPR security and Identity - on the 14th March, and secondly by using this as a forum to discuss the viability and appetite for the development of some form of local security community.
I sincerely hope you will not only support this event by attending but by spreading the word to those who do not network but who really need to know what they don’t know.
Tracey Ashford - Fleet Solicitors
There is always a temptation to try and do it yourself to save costs, whether it be home improvements, gardening, running your business or a number of other situations. When it comes to legal matters, there is a general perception that legal fees are expensive and better off avoided where possible.
However, unless you are fully confident with how our legal system works and the rules that apply, it may actually work out cheaper for you in the long run to obtain specialist legal advice at the outset. The Supreme Court’s decision this week in the case of Barton v Wright Hassall LLP highlights this.
Mr Barton wanted to bring a claim against his former solicitors, Wright Hassall, for negligence. He chose to do this himself without instructing solicitors to represent him. He issued a Claim Form in the Court to start the claim. He then emailed it to lawyers acting for Wright Hassall. You may think that in this day and age that is perfectly acceptable; everyone corresponds by email. But did you know that the Court Rules specifically state that a Claim Form cannot be sent by email unless the party receiving it has specifically agreed to receive it by email? Wright Hassall’s lawyers hadn’t been asked whether they would accept the Claim Form by email, so they could not give their consent. The claim was therefore ruled to be an invalid claim and Mr Barton was unable to pursue it.
Mr Barton was naturally aggrieved. How was he to know of this unusual Court Rule? The Court Rules are too complex for him to fully understand and the Court should make allowances for this. Unfortunately for Mr Barton, the Court did not agree. In the first instance, a District Judge decided that Mr Barton wasn’t entitled to ‘special rules or indulgences’. This decision was then backed by the Court of Appeal and then again this week by the Supreme Court. The Supreme Court was clear in that the Court Rules must apply to all parties equally.
Can you afford not to get proper legal advice?
Leanne Pogson - Leap HR
I see and hear comments daily from businesses large and small of genuine surprise that there are fairly significant changes coming into force that will impact them.
In reality this key piece of EU law was passed back in 2016 and they have allowed businesses until 25 May 2018 to get ready. That said, the Information Commissioner’s Office (ICO) have only published an overview. The finite detail is still being worked on. But irrespective of the lack of detail, common sense can be applied to start getting your house in order.
Who does it affect?
That’s the reality.
There is not one business who doesn’t hold some form of information about others. Whether it’s a customer, a supplier or an employee, you will have some sort of data. The obvious things are email details, addresses, phone numbers but it will also include IP addresses, employee numbers … basically anything that can be used to identify an individual. Every business will be different, so every business will need to review what they have.
Data Protection (DP) isn’t new. As business owners and managers, you should already be aware of DP, and you should already have processes in place to protect people.
But the reality is that many businesses don’t. And that is why this key change is having such an impact now. There is great rushing around to see what is needed, and some are raking it in on the cash cow that invariably comes with something new that everyone is responsible for.
Don’t forget you are also a person – so before arguing that the law is ridiculous, stop and think how you would feel if your personal information was shared. How do you feel when you get numerous calls offering to sort out your PPI? Most hate it. So why as a business owner would you let it go on in your own Company?
What will happen if I don’t do anything?
Potentially there are fines, and they are not small. Up to 4% of your global turnover or £20 million, whichever is the highest. Most of us don’t have that sort of turnover but suffice it to say there is an impact.
The ICO don’t particularly want to fine people, that solves nothing. What they want to ensure is that personal information is secure, and not shared willy-nilly around. They want to stop some of the harrowing tales of constant harassing calls asking for money, people being on lists for goods that they don’t want or need, to stop people’s data being published “out there” when it is personal and not needed. The legislation is there to protect all.
In 2015, Olivia Cooke, a Poppy Seller aged 92 received hundreds of letters asking for donations. She parted with a lot of money and in the end committed suicide.
Many of us have common sense, but some do not and those prey on the vulnerable in such a way that is quite frankly wrong.
What do I need to do?
There are 12 steps you need to take. These are all listed on the ICO website in a document “Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now.”
Essentially you should do an audit. Review and challenge the information that you hold. Why do you have it? How long do you hold it for? Is it necessary? Some things have to be retained for statutory purposes, that’s ok, just ensure you are consistent.
Make sure that everyone knows your Policy and, if people work for you, that they are trained on the legislation and how to respond to questions. So, create a Policy, which will need to be published on a website and available to anyone who asks.
Make sure you understand individuals’ rights – there are 8 to consider.
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to data portability
6. The right to object
7. The right not to be subject to automated decision making including profiling.
If you hold lists, such as customer information, then you MUST contact them all and ask them for their express consent. If you don’t hear back, then you MUST delete their information. This is big for those of you that rely on lists and I am aware of people with tens of thousands of names. Yes, you have to contact them all. Gone is the ability to pre-populate a tick box. People must fully understand what their information is being held for. Employers need to make sure that employees are aware of data held. Look, they can’t ask you to delete everything, some things have to be held for legal purposes, just make sure that you do genuinely need what you have. Just because, is not an acceptable reason.
Make sure that your systems are all checked and secure, and that passwords are set and reset on a regular basis individually. Cyber security and awareness of the possibility of hacking is critical these days.
As the business owner it is YOUR responsibility personally for this.
Will it cost you anything? Time to do some housekeeping, and to review the impacts for your business. The bigger or more complex your business, you may need to get some expertise in to ensure that you comply. There is a lot of scaremongering out there … but it could cost you a lot if you don’t act now.
Jason Whitehead - Vitality Mortgages
The question I'm asked more than any other is how should I own my BTL property?
My answer is always the same: I’m not a tax expert, I’m a mortgage and protection specialist; speak to a Taxation Specialist. I can facilitate a mortgage on any of the ways he suggests is best for you.
BTL Landlords do, however, need to know to seek specialist tax advice to work out how best to deal with BTL Properties that they hold in their own names, given the well documented changes to income tax.
Hopefully Landlords are aware, the government no longer allows individual BTL property investors to offset all of their mortgage interest against their profits. These changes are being phased in. Currently individual landlords can offset 75% of their mortgage interest against their profits. This falls to 50% in 2018, 25% in 2019 and 0% in 2020.
The solution which has been touted by many in the media and others is to transfer your Buy to Let properties into a company whose shares are owned by you. This gives you full control of the property asset, but instead of income tax, the company will pay corporation tax.
The current rate of corporation tax is 19%. What is even more attractive is that the level of corporation tax is due to fall to as low as 17% from 1 April 2020. This all sounds like a bit of a no brainer!
Transferring the Property to a company isn’t all plain sailing though.
If an individual wants to take dividends out of the company from this rental income, this will be taxed. What is different though is that you can take the dividend at a time to suit yourself to ensure maximum tax efficiency.
Also, when you transfer the Property to a company you will also be, (most of the time) putting some of your own money in – the equity that you had in the Property prior to the transfer to the company.
Our clients often make arrangements so that this equity becomes a director’s loan (from you to the company). Most landlords have equity in the property and will not be financing the transfer to a company with 100% loan to value mortgages.
When these director’s loans are repaid by the company to the director(s), no income tax will be due on them. In effect, money can be taken out of the company over time on which no income tax is paid. So, all good there then?
One of the major costs which is incurred by individuals (as opposed to partnerships) who are transferring Buy to Let properties into a company is Stamp Duty Land Tax.
There seems to be quite a lot of confusion in relation to how much Stamp Duty Land Tax is payable when a residential property is transferred to a company. As this is in effect, a self-declared tax, getting it wrong can store up problems for the future if the SDLT Return is subsequently investigated by the tax authorities.
For individuals transferring properties into companies, the companies pay SDLT at the normal rate (which is calculated on either the price paid for the transfer or the value of the Property being transferred) plus an additional rate of 3%. This can turn out to be rather expensive, however, it is up to the individuals to determine whether it is more cost effective to pay a large SDLT bill now or become penalised for income tax on an ongoing basis whilst they hold the Buy to Let asset.
To fully understand the tax consequences of transferring (or not transferring) the Buy to Let property into a company, you should take specialist tax advice.
Mark Davies - The Identity Organisation
In the new and imminent GDPR world, mandatory reporting of a data breach becomes a reality for all businesses, and for those businesses who don’t report a breach, very large fines will apply. Running a business is about to become even more complex, but the real issue will be, how you as a business owner protect the data you hold, and whether or not that protection works.
The threat landscape has changed and we’re all aware of recent high profile fraud attacks that have resulted in data breaches and loss of profit and productivity. Only the other night there was a report on BBC Points West about a firm in Somerset who switched to online banking for the first time, and were defrauded of £3 Million.
Whilst this was more of a straightforward internet fraud, interestingly, in the new GDPR world, it’s likely that such a breach would come under scrutiny and there would be questions about the processes for the detection of, and response to cyber-attacks. No doubt, the Information Commission will be interested when Companies fall victim to a fraud, wanting to understand what else could have happened apart from the successful attack. That’s the connection between security and GDPR.
As customers become more and more aware of their privacy rights - much strengthened under GDPR - and as that awareness grows, the onus on Businesses to protect their customers’ privacy and security will grow with it.
So, GDPR compliance cannot be a case of, “trying your best!” Demonstrating that, as a Business owner, you have taken the security of customer data seriously, is the core aim of GDPR. But, because the threat online is continuously changing in response to new defences, businesses not expert in the cyber-security field cannot hope to protect themselves adequately. The question then becomes - How do you demonstrate that you have done your best? Quite simply, security must underpin everything that you do online. And another small wrinkle. GDPR doesn’t only apply to digital data, but also any information you might hold in paper format!
More and more investment by large companies is going into trying to second guess what hackers have done on their networks and how to respond to an attack. They’re partnering with lots of organisations to develop new defence systems and data audits across their networks.
Smaller and Medium-sized Businesses may feel that they can’t afford this kind of investment. The question you have to ask yourself is, “can you afford not to?” If you don’t trust your systems and processes, how can you expect your customers and suppliers to? Under GDPR, they will want to be able to trust you to protect their data.
Data is the future
There is a risk that a lot of smaller businesses will, “press the panic button,” and reduce or delete completely the data that they hold on customers and suppliers. But, if you have no insight about your customers anymore it’s going to put you in a difficult position. In the future, even more than now, businesses will need to make data work for them, to be able to grow. But, in the GDPR world, they won’t be able to take a haphazard approach to how they use, store and protect that data.
Businesses of all sizes will have to make people aware of what they’re doing with their data, where it is, what it is and how they can get access to it. And as the public begins to understand what their data is worth, not just to the businesses they interact with, but also those who would seek to use it for criminal purposes, it’s only natural that they will want to see it protected. So, it’s not just about protecting the data you hold, but also protecting and growing your Business.
In summary. In the new GDPR world, all businesses will have to be transparent about the data they hold and what they do with it, comply with regulations and protect the data they hold.
Essentially, everything will come down to, as it always does. Trust!
Jacqui Lewis-Everley - ilateral
This is not a new story (Google announced its plans September 2017), but many people are still unaware that Google Chrome and Firefox will be blocking websites that use SSL certificates issued by Symantec as of April this year. You may think "Well, my SSL certificate was issued by GeoTrust/RapidSSL/Thawte, not Symantec", but the reality is that Symantec provided SSL certificates to many companies (including the ones mentioned) and if you bought one of these SSL certificates, then your website might be blocked.
The result of this is that potentially thousands of websites could be blocked by Chrome and Firefox (there is a more detailed post about this on The Register), but a lot of website providers still seem unaware that this update is coming. It is of the utmost importance that, if your site is protected by an SSL certificate, you contact your provider and ask them if this update affects you!
You might feel that Google has gone too far in doing this, "how can one company dictate the availability of so many websites" you may ask? The reality is, Symantec's SSL company has not always been adhering to industry standards when issuing SSL certificates and have issued a certificate where they should not. Consequently, Chrome and Firefox developers feel they cannot trust certificates provided by Symantec. This may be a bit of a frustration for some people, but SSL certificates are supposed to be secure and provide a level of credibility to a site. If there is evidence that a supplier might not be providing secure certificates, it is the responsibility of companies like Google to help protect its users.
If you want to find out more information about the whole story, Google posted an article on their security blog last year, you can go check it out.
Bob Pointer - CFIL Global
Words in papers, words in books,
Words on TV, words for crooks,
Words of comfort, words of peace,
Words to make the fighting cease,
Some time ago, before my move to the forest, I attended an event, in my then local area, entitled “Magic at the barn”. Staged on behalf of local charities, it provided amateur and professional illusionists, magicians and mentalists of various standing and ability with an opportunity to showcase their acts.
I am extremely interested in the concept, principles and methodology of mentalism. The use of influence to exploit human nature is much the same as those used by fraudsters and social engineering (sic).
For every lie there has to be deception – but deception does not necessarily involve a lie.
Professor Albert Mehrabian in his article “Decoding of Inconsistent Communications” published in the Journal of Personality and Social Psychology in 1967 first highlighted the importance of verbal and nonverbal messages and introduced what is commonly known as the 7%-38%-55% rule. This rule is the stock in trade of the “Human lie detectors and body language gurus” who ply their trade online. Whilst Mehrabian’s proposition related to very focused and specific circumstances and has been widely misrepresented as the make-up of all intra-personal communication it does highlight the undisputed link between what we say verbally and what our bodies say.
Concrete words, abstract words,
Crazy words and lying words,
Whilst I agree that nonverbal communication plays a pivotal role in effective communication I don’t subscribe to the theory that in all interactions words only account for around 7% of the process. Words are the primary way in which we relay our message; our nonverbal behaviour assists in directing that message.
In neuro-linguistic programming (NLP) the premise that we mainly operate on auto-pilot conforming to established patterns of behaviour is a fundamental principle which manifests itself in the use of embedded commands – hidden messages within a communication which speak directly to the unconscious mind. As a non practicing NLP practitioner I am aware of how powerful these verbal cues can be if used correctly – as evidenced by the results of my current work with Sales professionals at Volvo Trucks UK.
Whilst used correctly and ethically embedded commands are a useful tool in many circumstances, seeing them used alongside “conscious hypnosis” in the name of entertainment to me clearly evidenced the dangers of their misuse to manipulate and deceive.
Today in our technology enabled lives we are bombarded with messages all our waking hours from various media sources, so how easy would it be for marketeers, salesmen and fraudsters to embed messages or information which bypasses our conscious mind?
The answer: extremely easy, as evidenced by a study undertaken at Glasgow University in 2012. In this experiment participants were provided with spoken messages via headsets and were required to press a button after each message if they thought it contained the truth. The messages relayed were based on the semantic illusion theory, the most famous example of which is the message:
“How many animals of each kind did Moses take into the Ark”
Obviously this is not a true statement as it was Noah not Moses but this experiment evidenced that if a statement like this is delivered in the right way and “sounds” true we will accept it.
Another example is the Barnum or Forer effect again much loved by mind readers and astrologists which refers to the tendency for people to accept generic personal feedback consisting of relatively trivial statements as being highly accurate (Tobacyk & Milford, 1988).
So, what is the relevance of this here today? It is in my view extremely relevant; in fact it could cost everything – our money and our very identity.
The principle of what is now known as social engineering is to use human nature against us to the advantage of another.
Organisations are very adept now at installing high tech monitoring systems to maintain the security of their data but every system has its weak point and invariably that is the human element.
Emails, social media, online dating: there are so many ways now to use words as trojan horses to influence, misdirect or deceive us. Why send 1000s of hopeful emails asking to help get money out of an African prince’s embargoed account when you can send one from a trusted associate asking to meet for a drink at a new venue shown on an attachment, or gain an individual’s confidence through manipulation of their unconscious mind?
Understanding how human beings think and behave is a vital skill for anyone in business. However it is a dying art as we rely more and more on technologically mediated communication.
Words are like a certain person
Who can’t say what they mean
Don’t mean what they say
Wordy Rappinghood – The Tom Tom Club
Oh and by the way without going back tell me, did I go to the “Magic at the barn” event?
CAP BUSINESS CLUBS BLOG