By Shira Landau, Editor-in-Chief, CyberTalk.org
EXECUTIVE SUMMARY:
This year, in honor of International Fraud Awareness Week, we’re excited about sharing actionable ways in which your organization can reduce the risk of cyber fraud.
Digitally enabled fraud can undermine your enterprise in seconds, causing minor meltdowns, miscommunications and market losses. The impact of fraud extends beyond operational deceleration and financial dips. Fraud erodes trust in a business, potentially leading to a dry pipeline, low sales volumes and business bankruptcies.
In our speed-driven business culture, the impulse may be to move fast to survive, without taking the time to enhance fraud prevention. But ‘the faster things move’ doesn’t necessarily translate to ‘the quicker they improve’.
A consistent, methodical approach to fraud prevention can lead to greater certainty around revenue, better customer experiences, and more engaged employees – all of which contribute to a stronger, healthier business.
Recognize fraud prevention as an opportunity through which to achieve better business outcomes. Here are 10 pro tips to help your business reduce cyber fraud risk:
1. Stop phishing. Phishing involves messages sent from fraudsters, who are either posing as legitimate organizations or individuals. It’s a leading catalyst of corporate swindles. To prevent phishing, secure inbound, outbound and internal emails.
Implement robust email security tools that can identify novel email schemes, eliminate threats before they reach users (without affecting workflow or productivity) and that provide granular insights into the types of phishing attacks hitting your organization.
2. Get tough on passwords. Fraud may be committed by someone – either internally or externally — who’s broken into your corporate accounts. Ensure that everyone within your organization uses tough-to-crack passwords that involve letters, numbers and symbols.
Be sure that passwords are changed frequently. Prohibit the use of shared usernames and passwords. When employees depart from the company, ensure that login information is updated efficiently.
Beyond that, change your wireless network default password, along with the default name used to identify your network. Avoid sharing the network name widely and consider encrypting the network.
3. Transaction monitoring. Fraudsters may attempt any of a variety of different types of payment fraud. To block this type of brazen business abuse, review and reconcile bank accounts on a daily basis. This will allow your organization to observe discrepancies and to take action around suspicious transactions or missing payments.
In addition, when it comes to account-related requests made by company executives, consider requesting that all orders and changes are verified by phone or in-person, rather than relying on email confirmation alone.
4. Machine learning (ML). Some organizations encounter deceptive, duplicitous attempts on a frequent basis. This is where the volume of data might overwhelm teams. It’s also where machine learning can help teams scale fraud prevention.
A machine learning system can study historical patterns, sift through massive volumes of data, identify new patterns, and suggest risk management rules accordingly. Due to the nature of ML tools, these systems can also improve over time, providing increasingly helpful insights and analysis, while lessening the burden for your security team.
5. Routine fraud reviews. All enterprises should evaluate the utility of existing fraud-prevention software and procedures to ensure that they effectively safeguard against fraud (and haven’t been manipulated in any way). Some organizations find it helpful to have both in-house staff and trusted external partners carry out such reviews.
6. Security training for executives. Fraud schemes commonly target or involve impersonation of the c-suite. These types of attacks are notoriously difficult to detect and defend against, especially if top management lacks a high level of security awareness.
Ensure that top management receives dedicated cyber security training. Leaders need to know about BEC scams, deepfakes, spear phishing and whaling to not only avoid business compromise, but also to set an example for the rest of the organization.
7. Implement data encryption. Fraudsters may attempt to peer into a business’s email transactions to obtain information, enabling the fraudsters to execute well-disguised scams at a later point in time.
Protect sensitive information during transmission and storage. Encryption simply provides another layer of security. Should the data see interception, fraudsters won’t be able to parse through it and weaponize the information for nefarious purposes.
8. Collaborate with experts. Partner with industry experts and consultants to make more informed decisions, to identify weaknesses within your security, and to develop strong business resilience strategies.
9. Establish a cyber security oversight committee. A dedicated cyber security oversight committee —comprised of key executives and experts— can provide strategic direction, oversee cyber security initiatives, and ensure that the organization remains proactive in addressing evolving threats.
10. Appropriate technology. If your organization has work-from-home and/or ‘hybrid’ employees, do you have the technology in-place to both run fast and achieve robust cyber security control at the same time? Solve connectivity and security issues with SASE, SSE and automation. Learn more here and here.
Further thoughts
Although a few of these recommendations reflect basic best practices, even the most basic controls can avert a cyber attack — the key is to do the basics well and to then elevate your cyber security and fraud prevention measures with more sophisticated prevention techniques.
Stay ahead of fraudsters. For more fraud fighting tips, please see CyberTalk.org’s past coverage. Lastly, to receive timely cyber security insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.
