By Melissa Giddens
Digital fraud, once mainly the concern of large organizations, has become a significant threat to businesses of all sizes. As customers demand more online offerings and businesses conduct more financial processes online, even small organizations have become routine targets. Many are perhaps more vulnerable to cyberattacks because of the high cost of security systems and staff to run them.
One of the best front lines of defense to stay a step ahead of cyber criminals is to have well-trained and empowered employees. It’s an investment, but one that pays off. According to the Association of Certified Fraud Examiners, companies that provide their employees with anti-fraud training programs and continuing education experience fewer cases of fraud and significantly less costly losses.
The first step to mitigating the risk of digital fraud is understanding the types of fraud that can occur. Here are some of the most common types of attacks that target businesses:
• Account takeover. Cyber criminals deploy malware on an employee’s computer to obtain confidential information to access accounts and commit fraudulent acts.
• Imposter fraud. A fraudster poses as a person or entity you know and trust to request payment or a change to vendor payment instructions.
• Denial of service attacks. This is an attempt to make a system or network unavailable, which can prevent companies from connecting to bank portals.
Once business leaders understand how their organization can be attacked, they need to evaluate its potential vulnerabilities. It’s difficult to ‘think like a hacker,’ but approaching your system’s security from the outside is an excellent way to identify potential avenues a cybercriminal would use to gain access. It’s worth hiring a security vendor to evaluate your security systems and identify potential threats.
Perhaps the most important step is to educate your employees about these potential attacks and empower them to question anything that seems suspicious or unusual. Here are some best practices organizations should consider for employee education:
• Teach what to look out for. Include a course on fraud in new employee orientation or training programs.
• Don’t trust email. Teach employees to be suspicious of links and downloadable attachments. Instruct them never to install programs unless they are certain they are from a trusted source. Delete emails from questionable senders without opening them. Never give out banking credentials via email. And from time to time, test employees to see if they are following these guidelines.
• Verify payment instructions. Verify requests by calling the person you know at the company and using contact information you already have on file.
• Establish continuing education programs. Even employees who learn about fraud can still fall victim to it. Keep fraud top-of-mind by requiring continued courses on fraud prevention and frequent reminders to stay ahead of attacks.
Beyond educating employees, businesses can also stay safer by implementing preventative protocols and procedures for technology use. The best way to decrease vulnerability is to employ a multi-pronged approach. Solutions to consider include:
• Add multiple levels of control and separation. Build processes to ensure no single person can approve a payee account-number change or enter an account number into your ERP or online banking systems. Separate payee account changes from the routine invoice-approval process.
• Secure your Wi-Fi networks. Make sure your network is secure and hidden, and turn on the encryption so that passwords are required for access.
• Download and install all software updates for your operating systems as they become available. Keep your computer operating system, Internet browsers, and other software up-to-date for additional protection against fraud and theft. Use a dedicated computer solely for financial purposes, restricting access to non-financial websites and applications. Turn on automatic updates to better protect your computer.
To learn more about how to stay one step ahead of cyber criminals, talk to your banker or visit www.watrust.com/security/fraud-prevention for more information.
Melissa Giddens is vice president and senior treasury management officer at Washington Trust Bank. Drawing on her 20 years of experience in treasury management, she helps companies develop optimal account structures, implement best practices for streamlining payables and receivables, and mitigate their risk of fraud. Melissa recently won the Frank E. Zima Payments Advocacy Award from the west coast’s regional payments association, WesPay. She is a Certified Treasury Professional (CTP), Accredited ACH Professional (AAP) and National Check Professional (NCP).
Washington Trust Bank