By Stacey Coyne and Lisa Morrissey
Fraud continues to present a major challenge for businesses regardless of industry or size. The Association of Certified Fraud Examiners notes that a typical organization loses 5 percent of revenues to fraud each year and this number rises to 28 percent for businesses with fewer than 100 employees.
One question we hear frequently from clients is, “How do I stop it?”
Although it’s difficult, if not impossible, to eliminate fraudulent attacks against your organization, you can arm yourself and your teams to better identify and protect against them.
Here are some best practices:
Never trust your email
Of course you should read and respond to email – but what continually catches people off-guard are the clever ways in which email can lead to fraudulent behavior. Just last week we had a client forward this along to us – we changed the company name here but you get the gist. This is just one example of how trying to be efficient with email can turn into an access point for hackers. Notice the red flags in this email. This can look like it’s coming from the CEO but a closer look shows that the address is fraudulent and the language is overly formal.
Create controls for outgoing payments
According to the 2016 AFP Payments and Fraud Control survey, checks and wire transfers were responsible for the largest dollar amounts in loss from fraud with 43 percent from checks and 23 percent from wire transfers.
But how do you protect yourself? We recommend establishing strong internal controls such as segregation of duties, implementing fraud prevention tools such as Positive Pay and enforcing dual control processes.
Train your team
According to the IBM Security Services Cyber Security Intelligence Index Report, more than 95 percent of all incidents investigated recognize human error as the contributing factor. It’s hard to eliminate fraudulent attempts from happening. But training your team to be a first, and sometimes last, line of defense, is invaluable. Remember the how, who, where:
- How is the information sent to you?
- Who is sending the information?
- Where is the information stored?
Protect your reputation
In a recent global survey by the Ponemon Institute, 54 percent of companies believe it will take up to two years to restore their reputation following a breach of customer data. To protect your business we recommend:
- Practice vendor due diligence – know who you’re doing business with
- Conduct risk assessments
- Deploy an incident response plan and practice it
- Place a call – validate all communications to change financial data
- Clean desk policy – lock it up
- Create and enforce a strong Internet usage policy
Online banking guidelines
As we move forward in the world of connected devices, it’s important to monitor your account every day. Waiting every 30 days to reconcile your account exposes your business to attacks that if left unnoticed, can cause irreparable financial and reputational damage.
We recommend:
- Multilevel authentication and appropriate user access
- Set account activity and security alerts
- Dedicate a secure computer for financial transactions
- Establish strong user credentials that are not shared
- Segregate accounts by activity i.e., payroll, merchant, wire
- Keep anti-virus/malware protection current
Remember to be mindful of how you receive information, and from whom. Make sure you secure all sensitive physical and digital information. And most importantly, human error is your biggest risk factor for fraud.
Stacey M. Coyne is Vice President, Cash Management at Rockland Trust. She can be reached at stacey.coyne@rocklandtrust.com. Lisa M. Morrissey is VP/Cash Management Officer at Rockland Trust. She can be reached at lisa.morrissey@rocklandtrust.com.
