In a world of digital financial networks and online commerce, the risks of cyber fraud are greatly increased.
What is cyber fraud?
Cyber fraud is criminal activity that either targets or uses a computer, a computer network or a networked device. Usually, cybercriminals or hackers set out to make money… but some have political or personal motivations.
Businesses face increased financial risk as criminals get more sophisticated. Often criminals target the finance team, especially the accounts payable function which influences critical payment processes.
What can businesses do to protect themselves against this financial fraud? Here are some guidelines.
1. Consider this a people and process challenge, not an IT challenge
It’s important to acknowledge that humans are generally the weakest point in any process (NOT Information Technology). For example, a firewall which is not monitored has no value. And antivirus software alone can’t prevent infection.
2. Update authentication and review processes
Robust payment processes help team members act wisely and consistently. An example is setting rules on how payments are approved to prevent unauthorized, fraudulent payments as well as mistakes. This may involve designating an ‘approver’ for certain types of transactions AND requiring them to follow a validation process. For example, perhaps they should match an invoice with a purchase order. Or – even safer – perhaps they should match the invoice and purchase order with the received goods or services.
3. Review password policies
Longer, complex passwords increase security BUT can also lead to password reuse and to people writing passwords down and storing them in vulnerable places. The best policies will mandate complex passwords AND use of a reputable password manager that stores passwords encrypted. Multi-factor authentication should also be used for all applications, including email.
4. Spam filters and anti-virus software
These tools have an important role but, remember, they cannot protect against insider scams or social engineering scams.
5. Segregation of Duties
Segregation of duties means that no single employee can control multiple stages of any accounting process such as reconciliation, custody of assets, authorisation and record-keeping or bookkeeping. Acknowledge that EVEN long-term, trusted employees can be perpetrators of fraud.
6. Create awareness of social engineering scams
A common example of fraud involves criminals impersonating trusted parties to create fraudulent payments. For example, a Finance Director may be impersonated to request a certain action, like initiating a payment or altering banking information. Some of these scams lack credibility… but their prevalence shows that they work in a disturbingly high number of cases.
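The approval and validation rules in points 2 and 5, together with the bank-detail alteration scam described in point 6, can be written down as a payment release gate that an accounts payable system (or a spreadsheet macro) runs before money moves. The example below is added here and is not code from the original article; the record layouts, the vendor and account names and the person names are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass
class Invoice:
    number: str
    vendor: str
    amount_cents: int     # whole cents, to avoid float comparison issues
    po_number: str
    pay_to_account: str   # bank account the invoice asks to be paid into
    entered_by: str       # who keyed it into accounts payable

@dataclass
class PurchaseOrder:
    number: str
    vendor: str
    amount_cents: int
    raised_by: str

@dataclass
class GoodsReceipt:
    po_number: str
    amount_cents: int     # value of goods/services actually received
    received_by: str

def approval_findings(inv, po, gr, approver, vendor_master_account):
    """Reasons the payment must NOT be released; [] means every control passed."""
    findings = []
    # Segregation of duties: the approver must not also have raised the PO,
    # entered the invoice or signed for the goods.
    if approver in {po.raised_by, inv.entered_by, gr.received_by}:
        findings.append("sod: approver also performed an earlier step")
    # Three-way match: invoice <-> purchase order <-> goods received.
    if inv.po_number != po.number or inv.vendor != po.vendor:
        findings.append("match: invoice does not correspond to the purchase order")
    if inv.amount_cents > po.amount_cents:
        findings.append("match: invoice exceeds the approved purchase order amount")
    if gr.po_number != po.number or gr.amount_cents < inv.amount_cents:
        findings.append("match: goods/services received do not cover the invoice")
    # Bank details: pay only to the account on the vendor master record; a new
    # account on an invoice is confirmed with the vendor by a known number first.
    if inv.pay_to_account != vendor_master_account:
        findings.append("bank: pay-to account differs from vendor master record")
    return findings

# Constructed sample data (not real vendors or accounts).
PO = PurchaseOrder("PO-1001", "Acme Supplies", 250_000, raised_by="alice")
GR = GoodsReceipt("PO-1001", 250_000, received_by="bob")
CLEAN = Invoice("INV-77", "Acme Supplies", 250_000, "PO-1001", "ACCT-MASTER", entered_by="carol")
ALTERED = Invoice("INV-78", "Acme Supplies", 260_000, "PO-1001", "ACCT-NEW", entered_by="carol")
```

`approval_findings(CLEAN, PO, GR, "dave", "ACCT-MASTER")` returns an empty list, while `ALTERED` approved by `"alice"` (who raised the PO) is stopped on segregation of duties, on amount, on goods received and on the changed bank account, so an impersonation e-mail asking to "update our bank details and pay this invoice" cannot pass on its own.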
7. Develop a counter-fraud culture
You cannot completely eliminate human error (or criminal behavior) but raising the profile of the conversation and providing continuing education is a start. Management buy-in will help cyber fraud get the attention it requires. Keep in mind that the absence of fraud doesn’t mean it isn’t happening… because there is usually a lag between fraudulent actions and the impact of those actions. Ideally, the culture should inspire people to report suspicious incidents. There should be a commitment to ongoing fraud awareness, social engineering training, and implementing proper policies and procedures.
How prepared are you for the growing risks of cybercrime?
If you have any questions, please feel free to contact our office.