Charity Fraud Awareness Week 2021

Charity Fraud Awareness Week 2021 is a joint-initiative from the Fraud Advisory Panel (“the voice of the counter-fraud profession”) and the Charity Commission for England and Wales (“an independent, non-ministerial government department” that “registers and regulates charities”), who launched a related website – Preventing Charity Fraud – which provides resources “on how to prevent, detect and respond to fraud committed against charities and not-for-profits.”

We’ll be publishing content in support of the cause all week on our website and our social media accounts using the campaign’s hashtag: #StopCharityFraud. In tomorrow’s article, ESA Risk’s Cyber Risk & Security Consultant, Graeme McGowan, will be covering cyber fraud and other cyber risks in the charity sector. Later in the week, Ali Twidale, Banking & Financial Fraud Consultant will look at money laundering and financial crime in charities. And Serious Fraud and Economic Crime Consultant, Lloydette Bai-Marrow, will round off the week by discussing what charities should do if they suspect a fraud has been committed.

Fraud prevention and fraud investigations are topics we publish on regularly. We expect that much of this existing content (while created for a wider audience) will be of use to those in the charity sector looking to fight fraud:

Preventing Charity Fraud

As the Preventing Charity Fraud website states, “charities can be susceptible to fraud.” And it’s easy to see why. In a 2019 survey of more than 3,000 registered charities, the Charity Commission and the Fraud Advisory Panel found that only 9% of charities “have a fraud awareness training programme”, “almost half don’t actually have any good-practice protections in place” and “26% of charities believe they’re vulnerable to fraud because of an over-reliance on goodwill and trust”.

There’s been an increase in the number of cases of fraud in all sectors since the start of the Covid-19 pandemic. It’s likely that the situation in the charity sector is no better than it was 2 years ago, which is why initiatives such as this one are needed.

Charity Fraud Awareness Week comprises a number of online and in-person events aimed at those working in the charity sector.

Outside of Charity Fraud Awareness Week, the Preventing Charity Fraud website contains a host of practical information for those working in or with not-for-profits and charities, including downloadable helpsheets on topics such as whistleblowing, financial crime risks, volunteer fundraising fraud and charity retail fraud.

The Charity Commission and Fraud Advisory Panel’s 8 principles of good counter-fraud practice

Also on the website are the “8 principles of good counter-fraud practice”, which were published in response to the findings of the 2019 survey of the sector.

The principles in full are:

“1. Fraud will always happen – being a charity is no defence. Even the best-prepared organisations cannot prevent all fraud. Charities are no less likely to be targeted than organisations in the private or public sector. Fraudsters don’t give a free pass to charitable activities.

“2. Fraud threats change constantly. Fraud evolves continually, and faster, thanks to digital technology. Charities need to be alert, agile and able to adapt their defences quickly and appropriately.

“3. Prevention is (far) better than cure. Financial loss and reputational damage can be reduced by effective prevention. It’s far more cost-effective to prevent fraud than to investigate it and remedy the damage done.

“4. Trust is exploited by fraudsters. Charities rely on trust and goodwill, which fraudsters try to exploit. A strong counter-fraud culture should be developed to encourage the robust use of fraud prevention controls and a willingness to challenge unusual activities and behaviour.

“5. Discovering fraud is a good thing. The first step in fighting fraud is to find it. This requires charities to talk openly and honestly about fraud. When charities don’t do this the only people who benefit are the fraudsters themselves.

“6. Report every individual fraud. The timely reporting of fraud to police, regulators and other agencies is fundamental to strengthening the resilience of individual charities and the sector as a whole.

“7. Anti-fraud responses should be proportionate to the charity’s size, activities and fraud risks. The vital first step in fighting fraud is to implement robust financial controls and get everyone in the charity to sign up to them.

“8. Fighting fraud is a job for everyone. Everybody involved – trustees, managers, employees, volunteers, beneficiaries – has a part to play in fighting fraud. Trustees in particular should manage fraud risks actively to satisfy themselves that the necessary counter-fraud arrangements are in place and working properly.”

Fraud-related advice and support from ESA Risk

Whatever sector you’re in, if you need advice or support on fraud prevention, we’re here to help. We’ll work with you to put in place preventative measures as part of your wider risk management strategy, covering areas including cyber security and due diligence.

If you suspect a fraud has been committed against your organisation, our experienced Investigations team – including a former principal investigative lawyer with the UK government’s Serious Fraud Office (SFO) – can help you discover the truth.

Contact Mike Wright, Risk Management & Investigations Consultant at mike.wright@esarisk.com, +44 (0)343 515 8686 or via our contact form, to find out more.

Bounce Back Loan fraud

During the height of the pandemic, specifically from May 2020 to March 2021, the UK government offered businesses loans worth up to £50,000. The loans were capped at 25% of turnover, with a 2.5% interest rate, but with the first 12 months interest-free.

More than 1.5 million businesses made use of the Bounce Back Loan Scheme (BBLS), claiming that their operations were at risk as a result of lockdown measures. The government scheme was intended to keep companies profitable, as well as saving employee jobs during a difficult pandemic period.

The loans came with a 100% government guarantee; although banks issued the capital, any losses would be repaid by taxpayer money.

Because the loans were government-backed, some people assumed their personal risk exposure was low and that there would be no direct consequences to taking out a fraudulent loan, so many individuals sought to claim money from the scheme by submitting false applications.

Although the scheme has rejected thousands of fraudulent claims, banks were not always able to confirm whether applicants qualified for the level of loan applied for. Many individuals have improperly obtained funds by carrying out Bounce Back Loan fraud, contributing to an estimate that nearly half of the £46.5 billion borrowed during the pandemic will not be repaid.

A parliamentary report, published by the Public Accounts Committee, commented that the scheme prioritised speed rather than precision, resulting in higher risk of fraud and error.

When making an application, companies had to self-declare their earnings and turnover, making room for dishonesty and fraud. The Ratings (Coronavirus) and Directors Disqualification (Dissolved Companies) Bill, if passed, will allow HMRC to chase up on directors who improperly dissolved their companies, leaving debts behind, such as those from Bounce Back Loans.

The potential consequences of Bounce Back Loan Scheme fraud

Directors will be disqualified if they are found to have committed acts of misfeasance or breached their duties as a director, and will be liable to prosecution. In some cases, company employees might have made fraudulent applications on behalf of senior staff, which would require further investigation as the consequences could be prison time. In other cases, individuals set up fake businesses in order to obtain a Bounce Back Loan, with the money then being used to make a high-value purchase unrelated to the business.

The National Crime Agency (NCA) has reported numerous arrests for Bounce Back Loan fraud. One instance is the case of Mafuwer Logistics Ltd. The company received a £50,000 Bounce Back Loan in May 2020, despite its turnover being below the £200,000 necessary to qualify. Its bank statements showed personal use of the funds by the director, so its licence was revoked immediately.

The NCA has also said that it intends to aid the banking sector in detecting fraudulent applications. Individual banks need to tackle the problem so that each loan is monitored and approved, to avoid bad actors receiving the loan.

The 5 types of fraudulent activity are:

  1. When borrowers exaggerate otherwise legitimate claims, for instance by exaggerating their turnover to receive a larger loan.
  2. The impersonation of a legitimate business to receive a loan.
  3. Using ‘money mules’ to take out loans and then file for bankruptcy.
  4. Making multiple applications via various lenders.
  5. Filing under a false company to receive the loan.

To address BBL fraud, investigators may seek warrants to search buildings to aid their investigation. They may also interview suspects who have been linked to the situation. Anyone found guilty of this type of fraud may receive fines, compensation and confiscation orders, director’s disqualification, Serious Crime Prevention Orders (SCPOs) or imprisonment.

Fraud investigations by ESA Risk

If you suspect that a fraud has occurred within your business and need advice or support on the next steps, we’re here to help.

Contact Mike Wright, Risk Management & Investigations Consultant, at mike.wright@esarisk.com, on +44 (0)343 515 8686 or via our contact form, to find out more.

New SIA top-up training a welcome addition

At the start of this month, the Security Industry Authority (SIA) announced that all licensed security guards and door supervisors will need to complete new top-up training (raising performance standards) and to hold a first aid qualification to renew their licence.

The training includes “updated counter-terror training and advice for emergencies and incidents”. As security personnel are very often the first on the scene at major incidents, anything that improves their ability to respond effectively should be viewed as a positive step.

The SIA has outlined 4 key drivers behind the updates to its qualifications, stating that the changes are being made “to make sure that people working in the private security industry can keep the public safe, follow new working practices, understand recent changes to the law and make the best use of new technology”. Practical elements of the qualifications’ assessments will now “include searching, dealing with conflict, report/statement writing and using communication devices”. The new training also includes “refreshed physical intervention training” for door supervisors.

As the SIA’s Acting Chief Executive, Michelle Russell, notes in the announcement: “These changes reflect the extensive feedback and input over the last 3 years from those on the ground involved in working to keep the communities they serve as safe as possible.”

Russell also references the importance of “operatives hav[ing] the knowledge and skills to deal with common risks, especially in safety critical areas.” We welcome any developments that add skills and professionalism to the security industry. We share a common goal with the SIA “to protect the public and raise standards in private security.”

The changes will be rolled out over the next 3 years, as current licensed security guards and door supervisors are only required to complete the top-up training once they come to renew their licence.

Alongside the new training requirements, the SIA announced that Door Supervision licence holders will now have the flexibility to renew to a Security Guarding licence. “Operatives are advised to consider their day-to-day duties and how they are deployed before renewing.”

The changes follow updates to the public space surveillance (CCTV) course earlier this year, and an updated Close Protection qualification is expected to be launched on 1st April 2022.

The SIA is responsible for regulating the private security industry in the UK, reporting to the Home Secretary under the Private Security Industry Act 2001. The organisation’s duties include “the compulsory licensing of individuals undertaking designated activities and managing the voluntary Approved Contractor Scheme.”

Security services – including licensed security guards – from ESA Risk

ESA Risk’s security services – including professional concierge security and front-of-house services manned by highly trained security officers who are all licensed by the SIA – are provided through our joint venture with Marpol Security, a member of the Approved Contractor Scheme.

If you have a security need, we offer a free, high-quality assessment that can help you identify what services are critical for your sites. Whether it is a one-off service or the provision of long-term security arrangements, we are equipped to respond to your needs with a range of services that will safeguard you and your business.

For more information, contact Liam Doherty, Security Consultant, by email, via our online form or by calling +44 (0)343 515 8686.

5G and cyber security

5G works with lower power usage and latency on devices, promising more nimble and agile use of technology once it becomes commonplace, such as loading online content faster and making many devices more efficient.

5G will also make use of network virtualisation (NV) which uses software and hardware resources on one virtual network, to optimise network services and enable remote resolutions to any issues. The accelerated speed of 5G in comparison to its forerunners can also contribute to cyber security packages, offering new ways to increase security measures. This could include the Internet of Things (IoT) and an increased use of cloud computing, to aid business networks, in particular, with gaining control over cyber security.

However, 5G comes with potential threats and risks. The network relies on software-based routing rather than hardware-based switching, and this new digital routing introduces vulnerabilities that present risks to users.

Vulnerabilities of 5G cyber security

  • Hackers could potentially gain control of the software that manages the entire network, putting millions of devices at risk. Even if the software is initially managed by advanced computer technology, this too can be vulnerable.
  • 5G being used by the Internet of Medical Things (IoMT) can put patients’ medical information at risk, as, if the network is hacked, information can be manipulated or altered.
  • The higher-frequency coverage of 5G means that transmitters cover less area, so the number of cell towers will have to increase; otherwise network coverage will be poorer.
  • IoT networks involve connections between many devices, giving hackers more targets to choose from. Since these devices can individually be hacked, a single compromised device puts the entire connected network at risk. This includes city infrastructure and drones that will all transmit personal data.
  • Huge amounts of data will be stored together in the cloud (rather than on secure local servers), so masses of information could be accessed by infiltrators.

Implementing safeguards

It is important to implement regulations and security measures to avoid breaches and data being leaked. Network operators must make sure to secure IoT devices and protect the network to ensure privacy policies are upheld. Security patches should be installed through software updates, alongside password protection for the various devices and applications.

The reliance of 5G on digital networks makes it more difficult for IT teams to control risks and attacks, so the network structure must have solid inbuilt defences such as firmware and security operating systems. Mitigation techniques and patching can help to protect IoT devices that will be using 5G. IT employees should also be educated on the security threats that 5G brings, so that they are equipped to manage them and attacks that rely on human error can be avoided. SaaS (Software as a Service) providers will require the means to protect against attacks, and individual devices may require the installation of a virtual private network (VPN). Conducting regular malware scans and installing firewalls is another way to secure devices.

5G will certainly bring many positives, such as increased speeds and reliability, so it is paramount that there is a strong understanding of how to protect the interconnected network of devices. 5G particularly protects privacy on devices, as it is cloud-based and rooted in digital software, so more data can be encrypted and safely stored. It will offer a broadening of IoT and be a powerful, faster network and asset to many. And with its development will come a fashioning of artificial intelligence systems that will be able to target and mitigate threats and secure sensitive data at the same time.

Cyber security support from ESA Risk

If you need advice or support on anything cyber security-related, contact us at advice@esarisk.com, on +44 (0)343 515 8686 or via our contact form.

Upgrading your security systems

Security professionals will be called on to upgrade security systems in order to protect companies’ assets, properties and people, whether with security personnel or a range of security technologies (such as security alarm systems) or a mix of the 2.

While security will be enforced to protect employees, it will also be required for out-of-use office spaces and vacant buildings. Many businesses have had to close down due to insolvency and this trend will continue, particularly once the government support is withdrawn. This leaves office premises to be vacated and will therefore require security to protect properties and comply with insurance requirements. Companies might invest in security guards or CCTV camera installation to ensure their property remains undamaged and safe from forced entry, burglary, water leaks or breakages, and that health and safety checks are being made.

Security systems are not just important to ward off intruders. For businesses that are still open, security systems can also monitor employee attendance and drive productivity, or enable managers to observe customer traffic and their staff’s customer service in sectors such as hospitality and retail.

As the season is changing and the nights are drawing in, employees being asked to open or lock up their place of work are being put at risk. To avoid breaching the duty of care, open and lock security services are available, as well as licensed security operatives 365 days a year, taking the risk away from employees as well as ensuring intruders can’t access the building.

How can I ensure my business is secure?

There are some relatively simple steps you can follow to start ensuring your business is secure:

  • Regular physical security reviews can ensure that sensitive materials are locked away and that equipment is safely stored.
  • Security teams can ensure clean desk policies to mitigate risks of company information being stolen in a break-in.
  • Protective measures can include high-security locks, video surveillance cameras and security alarm systems, as well as overnight security guards. Having a trustworthy security team not only ensures your offices are highly guarded, but also that your security can recognise intruders and adapt their security plans for your business.
  • By conducting regular risk assessments, the correct security systems can be installed, and fit-for-purpose policies and procedures to ensure compliance by everyone in the company can be put in place.
  • Things like visitor access should be closely monitored, especially as workers start returning to the office, to ensure unauthorised individuals cannot gain entry to company buildings. This can be ensured through card-only access and intruder alarms or easy-install wireless systems for buildings that remain unoccupied.

When implementing new security systems, make sure they are adaptable and can be installed with agility, in line with the current government rules and regulations. Security plans will have to be updated and redesigned, so they must be implemented in a cost-effective and diligent manner. Technology continues to improve and security measures like cameras become cheaper, allowing for a tightening of security for your business.

At ESA Risk, we install robust security systems to protect you and your business. Whether you need to protect people, property or assets (or all 3), we’ll work with you to create a security setup that meets your needs through the use of technology (e.g. CCTV and alarm installation and monitoring) and manned services (e.g. close protection, manned guarding).

Contact our Security Consultant, Liam Doherty, to arrange your security risk assessment and consultation today.

More job vacancies foreseen in hospitality

Businesses claim that a reduced number of applications is putting a strain on recruitment, citing reasons such as border controls, retirements and fewer EU applicants coming to work in the UK due to Brexit.

Additionally, some EU workers returned to their home countries during the pandemic, either due to businesses making workers redundant or to be with their families, meaning the industry has not only fewer applicants but a reduced workforce, too.

As Covid-19 restrictions ease, hospitality job vacancies increase

The Office for National Statistics (ONS) reports that 30% of hospitality businesses have said vacancies are currently harder to fill now than at the start of 2021.

Between June and August of 2021, there were 1,034,000 job vacancies in the UK across all sectors, with job openings in the hospitality industry increasing by 59.1% to 117,000, according to the ONS. Although the furlough scheme helped protect many jobs, some businesses in the industry accumulated debt which forced them to let staff go.

The number of employees on payroll remains below pre-pandemic levels by 6% in hospitality businesses, meaning many workers have either relocated or started new jobs in other industries that remained open during the nationwide lockdowns.

Furthermore, the fact that EU citizens now need a visa to work in the UK causes further worry that the hospitality industry will struggle with employee numbers.

Although hospitality businesses have been reopening since the easing of Covid-related restrictions in May this year, the uptake of staff has been slow and uneven. Perhaps the uncertainty of the future of hospitality businesses remaining open, due to changing government policy, is what has kept vacancies open.

Artificial wage inflation

In addition, there has been an artificial wage inflation during current staff shortages, as competition for a limited number of employees continues. This trend may well be sustainable in the short term while the demand is high and revenues are strong, with some reductions in VAT on food, accommodation and soft drinks helping EBITDA. However, once demand in the hospitality industry levels off – as people catch up with family events lost during the pandemic and overseas travel increases – this artificially increased level of pay is likely to become unsustainable.

The net result could mean an increase in zero hours contracts or redundancies, which will exacerbate pressures on the Exchequer. For now, a short-term solution for some enterprises is to include a mandatory (or increase an existing) service charge levy on customer bills in food and drinks outlets, with some accommodation providers starting to apply a service charge levy on accommodation, too. The hope is that this would supplement employees’ wages without affecting the bottom line once VAT returns to its normal levels.

Potential solutions to this include:

  • Short-term solution – Introduce a minimum-entry-requirements visa system for EU workers in hospitality (which can be rolled out to road haulage, the NHS, food production, banking and other sectors of the economy where we experience shortages). The requirements to be granted such a visa could be, for example: individuals should have a firm offer of employment, no recourse to public funds (other than primary healthcare and A&E) and private health insurance. Such visas should be valid for a fixed term of 5 years, with those who stay and contribute for 5 years qualifying for indefinite leave to remain.
  • Medium- to long-term solutions – Spend time and resources on promoting the wider benefits of working in hospitality: fast-paced increases in earnings potential as your career progresses, meals and uniforms on duty in most cases, reduced travel offers in some cases and so on. Use the initial 5-year period to increase funding for apprenticeships and all other forms of education and retraining for hospitality (and the other sectors above), allowing for attrition of employees from the EU when the initial 5-year visa term comes to an end.

Hospitality Apprenticeships Week 2021

In response to the staffing shortages, industry leaders have initiated a ‘Hospitality Apprenticeships Week’ to encourage young people to apply for jobs in the sector. The campaign aims to educate and inspire potential recruits about the variety of opportunities within hospitality, with themed days focusing on different roles, including supervisory and managerial positions.

As the furlough scheme has now ended, the apprenticeships initiative is expected to enable hospitality businesses to combat the numbers of vacancies in the industry and to advertise the prospects within it.

Education provider BPP has posted: “To mark National Apprenticeship Week 2021, we’ll be using our platforms to raise the profile of apprenticeships and the benefits they can offer both employers and learners.”

Apprentices from the Stonegate Group, Fuller, Smith and Turner PLC, Marston’s PLC, Mitchells & Butlers, JD Wetherspoon, McDonald’s, Springboard and Diageo have confirmed attendance to the ‘Hospitality Apprentice Showcase’ event, which forms a part of the industry-focused week.

London networking event

Back to London for our end-of-September networking event, hosted by ESA Risk’s Mike Wright and J-P Pitt from our co-host, Asertis.

The evening was an enjoyable one for the hosts and attendees alike, to get out of the cold and into the delightful venue that is the Bunghole Cellars in Holborn.

The group included professionals from a range of companies who came together for a few drinks and good conversation. Our events are informal, allowing people to chat in a comfortable out-of-office setting.

After the event, Mike shared that the evening was “a very pleasant one: we all got to know each other, the venue was full, business cards were exchanged. All in all it was a good event.”

We aim to bring together professionals from various industries, to network and connect.

The 500 Club series of events takes place fortnightly across the UK in cities including London, Leeds and Manchester. There’s a good chance we’ll be coming to a city near you over the next few months.

If you’d like to be added to our invite list, please contact us.

Data Management in Banking

Effective data management in banking is paramount in protecting your information, to avoid data leaks and maintain customer privacy. When handling confidential client information, there are various safety measures and precautions that banks take to ensure it remains secure.

First of all, data management involves a structured process of collecting the data, ensuring each client’s information is efficiently processed and organised. The storage of data is paramount in maintaining successful data management in accordance with the Data Protection Act (DPA) and the General Data Protection Regulation (GDPR) and this often involves the cloud or on-site servers that are equipped to store and segment data appropriately.

The digitalisation of information has made it much easier to manage client records, especially when it comes to monitoring online behaviour and keeping records of money going in and out. Through IT infrastructure, analytical models can be made to provide insight into market trends and customer behaviour. They can detect patterns of behaviour to predict future events, also, such as the likelihood of a customer to become overdrawn.

This aspect of data management takes on a practical approach and enhances customer service, as well as giving the bank more information on how best to allocate funds. Alongside data analytics, online reports and dashboards can also track the bank’s performance.

“The secure management of all types of data remains one of the highest priorities for the UK banking industry, especially with the added pressures of exponentially increasing fraudulent activity and targeted scams that have been born out of the Covid-19 pandemic.”

Is your data safe?

Many people in the UK have concerns about their data being at risk due to hackers and fraudsters. Banks have a large task to avoid cyber attacks and fraud, create financial products and services tailored to customers, and pre-empt customers’ needs, all while storing and protecting vast amounts of data.

Data stores and legacy systems, although being hard to access, can be infiltrated, so banks ensure regular assessments and analysis of systems. Risk models can also be drawn up to create security plans in case something goes wrong, and banks can opt for more secure storage systems such as Apache Cassandra, which is a scalable, open-source database that enables lots of secure data to be stored at once.

“Data breaches create high-profile activity in the media and so the banks need to constantly invest and work even harder to protect their assets and reputations, which will ensure customer confidence is kept high.”

Customers are now able to request a copy of what personal information of theirs is stored by banks, although this can take up to 6 weeks. This is called a subject access request (SAR) and originates from the EU General Data Protection Regulation (GDPR), but it has remained in UK law under the Data Protection Act despite Brexit.

Banks work to provide trustworthy storage of customer funds alongside optimising their own revenue. By offering a positive customer experience and maximising the value gained from customer data, banks fulfil their role as an institution. Managing your data effectively is therefore in their best interest, not only to magnify their own revenue but also to maintain reliability as a business. But it is also important for us as customers to be diligent when it comes to storing our money and be aware of the risks that come with entrusting capital to a separate institution.

Duty of directors – a stark reminder

Cristina Angelica Tasca, from Arbroath, has been banned “from directly or indirectly becoming involved in the promotion, formation or management of a company without the permission of the court” after failing to produce company accounts or records during the liquidation of her Angel Tas Limited construction business.

The 27-year-old was unable to explain more than £716,000 of expenditure, which included £16,000 of cash withdrawals from her company’s bank account, according to a press release from the Insolvency Service.

Liquidators were called in following a winding-up petition from the UK’s tax authorities, after Ms Tasca failed to make obligatory tax payments from 2019 and further failed “to respond to repeated requests for payment”. The liquidators made “numerous requests” to see Angel Tas Limited’s company accounts and records, but Ms Tasca was unable to provide either. As a result, it was impossible to identify the purpose of expenses totalling over £716,000. In addition, liquidators could not “confirm whether the receipts of nearly £700,000 were a true representation of all the company’s sales”.

Ms Tasca’s case was heard in Forfar Sheriff Court on 7th July 2021, following an investigation by the Insolvency Service. The hearing led to the construction boss – whose company specialised in plastering and rendering – being disqualified for 7 years, effective from 27th July 2021.

Such cases act as a stark reminder of the duty of directors, and a warning of the consequences when duties are not upheld. “All directors have a duty to ensure their companies maintain proper accounting records”, commented the Insolvency Service’s Chief Investigator, Rob Clarke, in relation to Ms Tasca’s disqualification. “This includes delivering them to the office-holder in the event of an insolvency.” He referred to the director’s lack of record keeping as a potential “cloak for impropriety”.

A disqualification order is strict and wide-ranging. As well as placing a ban on holding a directorship, disqualification “stops you acting as if you were a director”. The order cannot be avoided through a change of job title/description, nor by instructing other people in the running of a company. In Ms Tasca’s case, her company was incorporated in Scotland, but her disqualification applies across the UK and to businesses with a “sufficient connection” to the UK.

Do you need support with your company accounts?

If you need advice about or support with your company’s accounts and records, ESA Risk can help. Our Consulting and Risk Management teams include experienced chartered accountants, business managers and advisors. ESA Risk consultant Kevin Bennett has held in-house and consultancy positions in a wide range of industries. He specialises in all matters of accounting, including book-keeping and corporation and personal tax returns. Contact Kevin today for the advice and support you need.

7 Steps to Data Security

For an organisation, it is of paramount importance to identify areas of exposure and develop adequate risk management programmes that address data privacy and security. To help you get started, here are 7 questions to frame your thinking. If you can confidently meet the requirements in the 7 questions, then you are on your way to better data security.

1. Is the corporation aware of all applicable legislation pertaining to customer data?

For UK businesses, the main legislation is the Data Protection Act (DPA) 2018, but there may be laws in other jurisdictions which you also need to comply with if you do business or have customers outside of the UK. For example, the EU’s General Data Protection Regulation (GDPR) applies to all EU citizens and therefore any company processing the data of EU citizens. While most of the GDPR is currently enshrined in UK law (in the DPA 2018), this isn’t the case for all data laws worldwide, and the UK’s implementation of the GDPR is under consultation. 

2. Is any personally identifiable information (PII) or client confidential information stored on computers or in paper files on premises?

If so, where specifically is the data stored, how is it secured, who has access and how many PII data files are there? Track personal data throughout your entire information infrastructure and identify all parties that have access to this data. Conduct an audit to inspect employee access to and use of personal data.

3. Are all of the company’s laptops encrypted? Are portable media devices like thumb drives prohibited or at least encrypted?

Devices such as laptops, smartphones, external hard drives and flash drives all present possible data security threats if lost, stolen, or hacked. While most people assume that system hackers are the greatest threat, recent studies show that lost or stolen portable devices are the most common cause of data breaches.

4. Has the company implemented strong internal password controls and information security training for all employees?

Make sure passwords are strong. It is also a good practice to reset passwords periodically – 30-45 days is a good timeline – and never duplicate passwords. It’s also imperative to reset default passwords.

5. Are the company’s firewalls current and all security patches regularly updated?

A firewall can be the best defence when trying to isolate and contain breaches. Despite the expense, it is beneficial to invest in a robust set of firewalls that require user authentication.

6. Does the company outsource any services to third-party vendors that may involve a client’s information?

If so, does the third party have the right processes and procedures in place to protect the integrity of the data, as well as security measures governing those processes? If you outsource services to a processor, as the data controller you remain responsible for ensuring that any data processing complies with the DPA. Any contractual agreement should be supported by an indemnity from the third-party processor in favour of the data controller in the event of any breach. That means making sure suitable security arrangements are in place to meet the 7th data protection principle, that ‘appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of such data’.

7. Does the company have in force a detailed plan in case of a data breach?

In addition to developing and implementing a risk management programme for data breach, risk transfer via insurance can be a cost-effective risk management mechanism.

Need further support?

If you require expert assistance with compliance or risk management strategies, get in touch with our team. We’ll work with you to manage risk and keep your business cybersafe.

Contact Mike Wright (Risk Management & Investigations Consultant) for further advice.

Deep dive for the answers you need
Or contact us on +44 (0)343 515 8686 or at advice@esarisk.com.
