Protect Your Business With a Security Framework of Common-Sense Practices and Treasury Management Tools
Oct 04, 2023 12:08PM ● By Scott Sharp
If there is one fact to know about cybercrime and payment fraud, it is that both are growing, according to FBI data. Those who are perpetrating these crimes continue to evolve with ever-more sophistication to evade detection.
As businesses across South Carolina grow, so too does their need to improve organizational financial processes that protect from information leaks and fraud. An increasing number of online banking activities as well as a growing number of remote workers create an increasingly risk-filled digital landscape for businesses.
Many businesses already have some level of risk process in place. Smart organizations, however, will look for regular opportunities to invest in and implement additional measures in their fight against cyber criminals.
As a business, you cannot afford to ignore the problem. The good news is that there are steps you can take to combat fraud and protect yourself against monetary losses, information breaches, and damage to your reputation.
As October is national Cybersecurity Awareness Month, now is a great time to take stock of your protection measures, strengthen where needed, and address any gaps in your defenses. From putting in place fraud mitigation tools such as Positive Pay and Automated Clearing House (ACH) electronic payment filters, to implementing basic security protocols, it is possible to mitigate the risks, protect your business and respond more rapidly to breaches.
Prevention begins with people
Conduct background checks on all your new hires, including contractors. Many successful cyberattacks leverage someone who is familiar with a company’s systems. Once hired, regularly train and educate employees about fraud and how to spot suspicious emails. They should understand never to click on links or open attachments in emails claiming that your bank needs you to update account information online. A financial institution would not email (or text) a customer to obtain or update this information.
It is important to treat security awareness as an ongoing issue. Create and sustain a culture that supports and rewards a “human firewall” of proactive and pre-emptive security measures while empowering employees to report suspicious activities.
No single employee should be responsible for both recording and processing a transaction. Enforce process controls and a segregation of duties, limit the number of people who can authorize purchases, and set a dollar limit that each can authorize.
Be sure to verify all payment orders or account changes issued by company executives, customers, or vendors in person or via an outbound phone call that your team originates. Do not rely on email confirmation or inbound phone calls.
Form and maintain a risk and fraud management committee. Cyber criminals are constantly innovating their techniques, and executives need to meet the challenge head-on by staying up to date on the latest technological and security solutions.
Implement security measures offered by your bank
Check fraud remains one of the most common forms of fraud businesses face. Every check shares the company’s bank routing and account numbers as well as an authorized signature – providing a central vector of attack into your financial accounts.
Fewer paper transactions and more electronic transactions can help mitigate this problem, but they require vigilance by the business owner and a financial institution. This can be done in several ways.
One is called Positive Pay. Implement Check Positive Pay, which systematically compares the payee, dollar amount and check number presented on your account with the check register file you have shared with the bank for each check run.
Similarly, ACH Positive Pay, ACH Filters, and ACH Block are great tools that allow authorized vendors to debit your accounts while preventing unknown withdrawals or other fraudulent activity.
Another electronic countermeasure is the Universal Payment Identification Code, or UPIC. This is a unique identifier for incoming ACH credit transactions that acts like a U.S. bank account number but masks your sensitive banking information from customers who are paying your organization via ACH transfers.
Set up a separate business checking account restricted to ACH activity, particularly payroll, and sign up for automated alerts and same-day reporting so you can monitor activity in real time. Working with trusted partners across an organization’s business financial ecosystem (financial institutions, third-party payment processors and companies, etc.) is also important.
And, finally, review and reconcile bank accounts daily to check for discrepancies, which will help flag suspicious or missing payments or wires almost immediately. The faster you can discover an issue and report it to your bank, the better off you will be.
The most basic cyber or organizational controls can help stop thieves in their tracks. Sometimes good common-sense practices, such as establishing an open-door policy with the CFO for employees to verbally verify account change requests, can create the greatest impediment to these criminals.
While the steps above will compound to create a more solid security framework, implementing at least one of these best practices in the next 30 days can put your growing company steps ahead of fraudsters.
Scott Sharp is Regional Vice President, Coastal Carolinas, for TD Bank. He manages a team responsible for the commercial and small business loan and deposit portfolios in the Greater Charleston, Myrtle Beach, and Hilton Head areas.