Businesses still not investing enough in cyber protection
Published:Wednesday | July 9, 2025 | 12:07 AM
Despite efforts to curtail the scourge in recent years, businesses of every size in Jamaica continue to lose millions of dollars through a variety of online scams, many because entrepreneurs fail to invest in affordable data protection systems.
Some businesses fail to implement two-step verification while using free email addresses for their online financial transactions, making it easier for cyber crooks to fleece them of their money online.
Head of the Fraud Prevention Unit at National Commercial Bank Dane Nicholson says while Jamaica is under siege from cybercriminals from abroad, the greatest threat is internal.
“The greatest cyber threat that they face actually is from insider threat, because the weakest link in the cybersecurity apparatus is people,” Nicholson said at a seminar in New Kingston last week.
“When an SME (small or medium enterprise) falls victim to a ransomware attack, most times it usually starts from clicking on a link or downloading an attachment via an email received from (a fake) supplier,” he said.
He said whilst the financial sector was at greatest risk, businesses in any sector could fall victims of cyber fraud, once they were collecting data on customers.
He gave the example of a local manufacturer doing business in China who lost US$180,000 to fraudsters.
“I know of a case recently where a (business) got an email that their bank information for their supplier in China was changed. They didn’t call back to verify that it was true, yes or no. And US$180,000 later, they realized that it was not so. So, it is absolutely important to ensure that you are aware of these phishing and smishing attacks that your businesses face,” Nicholson said.
CLONED VOICE
Meanwhile, president of the Small Businesses of Association of Jamaica Garnett Reid says over a month ago he was defrauded of US$8,000 when his voice was cloned and used via WhatsApp to ask his associates to send money to someone pretending to be him.
“They took my picture and voice and communicated to my directors asking them to send a certain amount of money like I was overseas. My director sent the money using Zelle (a money transfer app),” Reid told the Financial Gleaner.
Reid said he has reported the matter to the Communication Forensics and Cybercrime Division of the Jamaica Constabulary Force.
Reid said the SBAJ is organising training for its members to educate them about the problem of cybercrime. He said the SBAJ was preparing to sign an memorandum of understanding with a leading security company to assist its members in addressing the problem of online fraud.
Meanwhile, ICT specialist Trevor Forrest is urging companies not to think they are too small to be attacked by online criminals.
“Many MSMEs think it’s not going to happen to them because ‘I’m too small and nobody cares about me or the data that I have.’ You have to remember that small and micro-sized businesses have data in their possession, akin to large enterprises. Small businesses have big clients and threat actors know that all the investment in security has been made by the big clients ... so they look for the small ones as the gateway to defraud the big ones,” said Forrest, who serves on the government’s Digital Transformation Advisory Council and AI Task Force.
Forrest also called on small businesses to move away from using free email services such as Hotmail, Yahoo and Gmail for sensitive business transactions.
“If you have a business, secure your own domain name and have an email address that’s tied to that. So if you’re an ABC corporation, your email address should be myname@abccorporation.com. That goes a far way in legitimising communications,” he said.