Today’s headlines are troubling – data breach, records hacked – but the real threat for most businesses comes from the inside. Many problems happen when an employee inadvertently invites a cyber-attack with their actions.
To counter bad habits and lack of preparation, you need a defensive framework for a strong security defense. Deploying multiple security layers will limit fraud and theft. Your business must increase its vigilance by establishing standards and monitoring anomalies to defeat cybercrime.
First, consider establishing enterprise-wide policies for:
Payments – Establish procedures, limits and require dual-approval for all payments
Online Banking – Restrict access by staff and isolate the computer used to contact the bank
Computers – Establish rules for web access, e-mails and mobile devices
Account Access – Employees should have the most limited access needed to perform their job
Monitor Transactions -- Utilize alerts and fraud prevention tools to monitor transactions
Next, proceed through the checklist to make sure you secure all of your defenses.
Training -- The Most Critical Step
Protecting your company begins with preparing your employees to assist in keeping your computers, networks and workplace secure. Drill these fraud prevention facts into their daily routine:
• External E-Mails Are Not Secure. If it comes from the outside, be careful, even if it is from someone you know. Crooks use slight address changes, fear or time-sensitive requests to trick us into a mistake that can lead to fraud.
• When In Doubt, Throw It Out! Do NOT open suspicious e-mails, links, tweets, posts, videos, online ads, messages or attachments even from someone you know. Do not open files unless you are expecting them.
Prevention
COMPANY CONTROLS & MONITORING
• Require ‘Dual-Authorization’ for all payments, wires, ACH transactions, check and card purchases over a specific amount.
• For internal networks and online banking access, limit administrative privilege solely to those users who need it.
• Set up available alerts to monitor transactions and all system changes.
SET UP EMPLOYEE FIREWALL
• Secure your mobile devices, computer, laptop, desk and office against unauthorized access.
• Train your team to be cybersmart and able to recognize phishing and social media scams.
• Learn about cybersecurity to protect yourself, your family and the office.
• When a security threat or question occurs, know what to do.
Protect Against Attacks
COMPUTERS
• Use a dedicated computer(s) for banking access; no email or web access should be allowed at all.
• Use anti-virus software, install an anti-malware tool (like Trusteer Rapport-available thru our website) and protect all devices that connect to the internet.
• Disallow use of USBs and external devices if not needed.
• On a regular basis update all applications and software to maintain a strong defense.
• Avoid using unsupported Operating Systems (OS) (replace Windows XP if it is still being utilized).
• Do not open links or download software unless it is from a trusted source.
• Avoid Wi-Fi hotspots; most are not secure.
• Secure Company Website against malware and attacks.
• Dispose of old computers properly and erase the hard drive.
MANAGE CHECK SUPPLY
• Use only a trusted, established check vendor and monitor check orders to make sure checks are delivered on time.
• Use a unique check style and incorporate security features (like micro printing or watermarks) into your design.
• Securely store all checks, deposit tickets, check printing equipment, remote deposit scanner and endorsement stamps.
• Never sign checks in advance and limit the number of signers.
Detect Problems
INTERNAL PROCEDURES
• Conduct a Daily Transaction Review of all outgoing items (ACH, wires, and checks), incorporating Positive Pay (check & ACH) and other options to identify fraudulent items.
• Reconcile all bank accounts each month. Also, separate duties so a different person issues payments vs. the one that reconciles the bank accounts.
• Review audit logs of your online banking system.
• Void checks once they are deposited and destroy them based on bank retention period.
• Verify Vendor Information - require confirmation before paying a new vendor or making a change of address request.
Respond To Suspicious Activity
• Never solely accept email instructions to authorize an ACH or wire transfer.
• All payment requests from out-of-office executives (CEO/CFO) should require 2nd approval before processing.
• Take heed and follow up if you or your staff finds that “something is not quite right” about a certain situation or routine. For instance:
• Is the user accessing online banking from a different location?
• Are the transactions typical for your company?
• Are there new payees or changed data you were not expecting?
• If you are suspicious, investigate to determine if action is needed to address a problem. Call your bank with any questions.
• Be suspicious of dropped internet sessions after entering your online banking login credentials – your session might have been hijacked. If it happens, call the bank immediately.
Protecting your company begins with preparing your employees to assist in keeping your computers, networks and workplace secure. However, you need to understand, all the prior steps will be wasted if you don’t train your employees to keep security as top of mind. A well-trained employee can serve as your eyes and ears and can be your first line of defense for fraud prevention.
Contact Treasury Services for more information on our Fraud Prevention services.