Proactive Considerations for Mitigating Financial Cyberattacks

Whether it’s a compromised business email, ransomware, accounts payable fraud, mail theft, or an investment scam, we’ve all heard of, experienced or know someone who has fallen victim to one of these fraud trends. Even as technology companies and financial sectors work together to develop innovative ways to protect accounts and businesses, hackers are working simultaneously to develop their own “innovative” methods to gain access to money that isn’t theirs.

These frauds were further underscored over the past 18 months as businesses worked remotely, relying on technology to communicate and keep teams connected. This also translated to an increase in supply chain attacks, insider threats, and extortion tactics as more sensitive information, such as business accounts, contracts, and projects, is now living permanently in the world of the internet and technology.

With cyberattacks slated to cost businesses $5.2 trillion worldwide within five years, business leaders must make an investment and effort to proactively protect their businesses from fraud, regardless of size, rather than spending money on damage control.

But how? Here are six best practices to keep your accounts safe from fraud.

• Setup Alerts in Online Banking: One of the fastest ways to know if an outsider has accessed your account is to set up online banking alerts to notify you when wire or book transfers are made. Contact your bank to select alerts that make the most sense for you – whether it’s a phone call, text message or email.
• Pick Up The Phone: While we have come to rely on email and other forms of communication, it’s important to call with your financial institution and your banker directly for anything immediate; verbally validate who you are speaking with and any requests that are made regarding your account. The same holds true with vendors and partners. Confirm all changes received via email such as address or accounts payable information.
• Maintain Strong Account Oversight: Consider reconciling accounts daily to not only help you stay organized in real time but also mitigate the risk of fraud and hacks. Simultaneously, consider a separation of duties amongst employees, ensuring that no single employee has access to every part of the company’s financial accounts, apart from the CFO or designated executive.
• Use One Device: While devices certainly make logging into accounts easier by memorizing passwords and usernames, they can also make a business vulnerable to being hacked. If employees are currently using multiple devices to access financial accounts, consider using just one device per approved employee, and ensure that all devices are protected and security software is updated. This can be an effective strategy for not only protecting your business from hacking and fraud, but also if a device is lost or stolen.
• Take Online Precautions: Employing a strong IT team can make your work environment far more difficult for fraudsters to infiltrate. Your team can install and update anti-malware protection and device software as well as help educate employees about Phishing, why it is important to avoid clicking or responding to emails from an unknown sender ( “think before you click”), and how to change and construct passwords on a regular basis.
• Have Strong Password Management: Ensure your personal or business email accounts do not share the same passwords used to access social media or other public websites. Use strong passwords and when possible use multifactor authentication, such as Google Authenticator.

These tips and considerations can provide a layered approach to account security. However, it is just as important for business owners and employees to understand the steps to take in the event of a breach:

• Identify what was compromised
• Notify your financial institution
• Contact your insurance provider (consider adding Cyber Security insurance if you don’t have it)
• Ask for help from IT, legal and finance departments or providers
• Have an incident response plan, test it, and follow itFollow reporting
• requirements; law enforcement, regulatory agencies, etc.
• File a complaint with the FBI/Internet Crime Complaint Center https://www.ic3.gov/

Due to the ever-changing nature of technology, it’s important that businesses strive to catch up and close the gap, protecting themselves from cyber-threats that exist in the post-COVID 19 economy that is fueled by technology.

Your financial partners can be huge assets to help protect your funds and identify gaps, create a response plan, and point you in the right direction of other trusted partners that might be beneficial to you and your company.