Skip to main content

Part of Data Security Standard 6 - Responding to incidents

Fraud (6.3.4)

Previous Chapter

Monitoring (6.3.4)

Current Chapter

Current chapter – Fraud (6.3.4)

View all

Increasingly digital services are proving to be attractive to cyber criminals and are being subjected to fraudulent activity .

The first step is to understand which of your digital services may be an attractive target.

Action Fraud (National Fraud and Cyber Crime Reporting Centre) has an A to Z of fraud which should help you in identifying those systems.

The focus is primarily on financial fraud, but my not be limited to that for example there are identity or staff systems which could be used for identity theft or telephone fraud. 

Organisations should consider enhancing the security controls and monitoring of areas where large financial transactions occur - such as ensuring those responsible for authoring payments have MFA on their accounts.

More information

For more information see our list of useful resources for each chapter of this guide.

Last edited: 26 September 2022 2:00 pm

Chapters

  1. Data Security Standard 6 - Responding to incidents
  2. Incident reporting (6.1.1)
  3. The incident reporting system (6.1.1)
  4. Incident management system (6.1.1)
  5. An informed and empowered audience (6.1.1)
  6. Notifying local leaders, national bodies and individuals of a data breach (6.1.2, 6.1.3)
  7. End point anti-virus (6.2.1 - 6.2.9)
  8. Always on, always connected, always up to date (6.2.3 - 6.2.4)
  9. Blocking web malicious content (6.2.5)
  10. Email server software (6.2.6 - 6.2.9)
  11. Acting upon known vulnerabilities (6.3.1 - 6.3.5)
  12. NHS Cyber Alerts Service (6.3.2)
  13. Repeat data security incidents (6.3.5)
  14. Monitoring (6.3.4)
  15. Fraud (6.3.4)