In a recent KeyBank cybersecurity survey, theft of client data ranked as the greatest concern for middle market business owners and executives. For good reason. According to CSO Magazine, cyberattacks set a record in 2016, and the threat environment is going to be even more dangerous in 2017.
Today’s businesses care so much about cybersecurity because, more than ever, they are using digital data to improve service and efficiencies, including online and mobile banking solutions to manage financial transactions. In fact, according to Aite Group, more than 75 percent of CFOs already perform, or would like to perform, the following functions through a mobile platform:
- Approve wire payments
- Make pay/no-pay decisions
- Add new users or manage entitlements for existing users
- Approve payroll and other ACH payments
- Initiate wire payments and ACH payments
- Check account balances
- Make transfers between accounts at the same bank
While cybersecurity clearly poses challenges for businesses, 3/4 of respondents in the Key survey feel confident in their ability to prevent such attacks from happening. The reason: the tools and resources to implement safeguards are improving.
Cybersecurity tools
Advances in artificial intelligence, biometrics and education address cybersecurity challenges head-on. It’s a case of combating advanced technology with more advanced technology. In order of implementation popularity, the following are the top tools used by organizations that are effectively fighting cyberattacks:
- Anti-malware protection (58 percent). These programs prevent, detect and remove malicious software from computers and networks.
- Antivirus protection (57 percent). This software scans all programs run by computers and compares them to known viruses—preventing them from replicating and damaging the computer system.
- Strong password requirements (53 percent). General rule: long and complex equals strong. Businesses can require that employees use passwords that are at least eight characters in length and combine uppercase and lowercase letters, numbers and special characters.
- Social engineering training (28 percent). As the volume of digital data grows, companies must put more emphasis on employee education and process control.
Ideally, training would be a priority for middle market businesses since employees serve on the front line in preventing fraud and security breaches.
Fraud protection
The 2016 AFP Payments Fraud and Control Survey reports that 73 percent of companies were targets of payment fraud in 2015, with many reporting increased attempts. Also of note, middle market companies are becoming equal-opportunity targets. Traditionally, fraud was much more prevalent in larger companies, but in 2015, the gap in incidents of fraud between larger organizations and smaller ones closed by 14 percentage points—leaving a mere two percentage point difference.
As fraud schemes become more technologically sophisticated, it’s essential you and your staff adhere to safe online and mobile behavior. Best practices to help protect your computer, mobile devices and associated banking accounts from inappropriate use include:
- Monitoring your accounts closely and frequently.
- Being proactive in working with your IT/security professionals.
- Following your bank’s safe login procedures and only entering your financial or account information on secure sites.
- Being suspicious of any unsolicited messages or attachments and very selective about giving out your contact and personal information.
- Never sending funds to unknown individuals or responding to urgent crisis messages from known senders without first verifying the request.
- Locking computers and mobile devices whenever left for even short periods of time and using dedicated computers for bank business.
- Developing a forum in your company to routinely discuss security best practices.
Also, it is important to understand that many forms of online or offline business fraud are based on the concept of social engineering, in which the perpetrator psychologically manipulates an employee into taking action that will ultimately cost your company time and money.
Typical approaches are based on these well-intentioned actions:
- Transferring cash
- Divulging login data or account numbers
- Executing a wire transfer
- Downloading malicious software
- Allowing someone to remotely control the employee’s computer
While no one can predict every form of cyber-crime and fraud, every company can protect itself by training employees in ways to safeguard sensitive data and protect corporate resources. Most important, employees should understand—and always follow—company policies and practices regarding Internet safety.
Culture matters—prioritize security
Your company’s internal controls are an essential line of defense against fraud. It’s critical to review your internal controls periodically, looking for areas for improvement, identifying weaknesses and adapting to changes in structure, operations or the market.
Equally important is your organization’s attitude toward fraud and creating a culture in which protecting the personal information of your employees, vendors and clients is a priority. Why? In a word: trust.
The value of trust in business may be difficult to quantify, but it is immeasurable. More than ever, people hold organizations to higher standards. They expect your business to do what you promise and what is right. If you don’t, or if you act in a way that betrays that trust, clients will move on… and they will share why they are moving on—your specific failure—with others.
This is why protection needs to be a priority. At every level of the organization, from the mailroom to the boardroom, a culture of accountability must exist in which people know, understand and believe in the protocols that are instituted to safeguard not only themselves against fraud, but also their colleagues, clients and company.
About the author: Jefferson Peters is the Equipment Finance Officer covering the State of Oregon & SW Washington, for Key Equipment Finance & KeyBank NA. He can be reached at Jefferson.peters@key.com or 503.353.2152.