Is your business ready to fight fraud?
Nearly half of the world’s organizations have been victims of fraudulent activity during the past two years. Here are some tips for preventing security breaches from hitting your business.
Technology is a double-edged sword for today’s businesses. While advancements can boost efficiency and increase the speed of doing business, they may also mean risks. And as technology becomes more advanced, aspiring fraudsters do too. “In this environment, where we’re seeing speed-to-payments, it’s crucial to ensure that the business has a solid focus on internal security procedures and controls,” says Mike Kelley, FVP, business information security officer at Truist.
Nearly half (47%) of surveyed global organizations reported they experienced fraud over the past two years—the second-highest rate since 2000.1 With COVID-19 increasing the instances of business email compromise and other scam attempts, cyber fraud risk is expected to continue to rise.2
Not only can security breaches have a financial impact, they also affect employee morale and brand perception.1 In this new era of increased remote work and more determined threat actors, it’s important for you and other leaders to be doing what you can to prevent cyber attacks. Start with these simple best practices:
Tips for staying ahead of fraud
- Examine your business's social media channels to make sure you're not sharing information a fraudster could use, like when executives may be on vacation. Ask employees to do the same with their profiles.
- Monitor your business credit report regularly to watch out for unauthorized accounts. And review your bank account activity frequently—daily, if you can.
- Consider whether company—wide out-of-office messages are necessary, especially at the executive level. If someone knows you're out of the office, they might determine it's the right time to strike.
- Conduct financial transactions on a dedicated computer that's not being used regularly for email and other programs.
- Verbally confirm emailed requests for payments and set up a system where at least two company employees are involved when payments are being made.
- Ensure any bank statement are encrypted and delivered electronically, as physical mail is easier to compromise.
- Require complex passwords for all of your employees, change passwords regularly, and don't share them or write them down.
- Have a well—communicated plan in place in case a security breach does happen.
A tale of two business leaders
Roger lets his office manager, who’s been at the organization for several years, oversee vendor relationships. A new vendor comes recommended by this office manager. However, the vendor also works with the office manager to pad invoices with additional shipping fees and slightly higher prices than originally negotiated. In exchange for looking the other way, the office manager splits the profit. The fraud continues for months because no one else is monitoring the transactions.
Patricia routinely vets all new vendors by verifying their assigned tax ID, phone numbers, and confirming business ownership through registration databases. She also cross-references her findings with her employees’ information to ensure there isn’t an undisclosed conflict of interest. Finally, Patricia’s organization has established segregation of duties—those who authorize orders do not also process payments. That way, at least two employees are always involved in each transaction.
No organization is exempt and there are a lot of potential opportunities for fraud across the spectrum. To be prepared, ensure that you have a well-defined fraud prevention plan in place.
A quick self-assessment can determine where you should be focusing your efforts. The more "yes" answers you have to the questions below, the closer you are to being prepared against a security event. Let's find out where you stand.
- Does your business require two people to sign off on all payments?
- Are your vendors contacted directly by phone to confirm any changes to payment instructions?
- Do you verify internal requests for payments via phone calls or face-to-face interactions?
- 37% of fraudulent attempts were committed by insiders, and 20% were the result of internal and external perpetrators working together.1
- Has your organization looked at its social media accounts and out-of-office communications, and other online user entitlements?
- Does your business have a schedule for reviewing signers, bank authorizations, and other online user entitlements?
- Do you use the latest anti-virus software and restrict entry points into your business network?
- 40% of companies plan to increase spending on fraud prevention.1
- Are your employees regularly educated on security best practices like password complexity and avoiding phishing scams?
- Are your business account activity and credit history reviewed on a set schedule?
Get ready to fight back. We can help.
Talk to your Truist relationship manager about protecting your business from fraudulent activity.