Fraud prevention is more important than ever as business finances are increasingly digitized
Online money management, payments and transactions are becoming evermore sophisticated and, of course, this is good news for both businesses and individuals. Unfortunately, online finance fraud is also becoming increasingly advanced, with even the smartest and most savvy individuals being vulnerable to fraud tactics such as phishing, malware, and identity theft.
The fact is that online fraud can not only be devastating to businesses financially but can also negatively affect reputation and customer trust. For this reason, there is now no longer any excuse to not have clear security measures in place to prevent online fraud.
Here are some tips for ensuring the safety of both your business and your customers:
Educate your staff on phishing attacks
“Phishing” is a form of identity theft where criminals will email or phone a business pretending to be a representative from their bank (often, ironically, from that bank’s “Fraud Prevention Team”). Their goal is to extract sensitive information such as passwords or online account details. Criminal phishers can be masterful at masquerading as real customer service advisors, often gaining people’s trust with official-looking emails. Worst of all, these attacks might not only affect your business directly — if you hold database information on your customers, then information about them could be phished as well.
How to prevent it: It is unheard of for banks to contact businesses to ask for passwords, so this should be treated as a red flag the moment that it happens. Therefore, it is crucial to educate every single member of your team to never give out sensitive information, under any circumstances — even if the person who has emailed is claiming that it is an emergency. The same rule should also apply to private customer information as well, especially if you have a call center or hold a large database.
Be aware of “CEO spoofing”
These days, devious fraudsters have found a way to extract large amounts of cash from businesses by masquerading, via email, as the company’s CEO. Often they will target the business when the CEO is known to be on holiday or away at a conference (something they can find out very easily by scanning that individual’s social media accounts). They will then create an email address very similar to the head of the company, email the finance department and request that a large sum of money be sent to a particular account urgently. Think that no one on your team could be fooled in this way? Think again. Remember that most of us don’t check senders’ email addresses too carefully and also, most employees are only to keen to meet a CEO’s requests quickly and efficiently without argument.
How to prevent it: Create a safety measure where emailed requests for money transfers must always be double checked by a senior team member or confirmed through a phone call to the CEO. Ask all staff to be vigilant about checking senders’ email addresses when requests for money or sensitive information are made. Also, consider whether it is prudent for company executives to share details of their holidays on public social media like Twitter.
Avoid invoice fraud
This is very similar to “CEO spoofing” but in this case, fraudsters will pretend to be a company’s normal supplier and will contact them asking for bank account details to be changed before the next payment. Over half a million businesses in the UK have been the victims of this fraud, so it is clearly a popular strategy with criminals.
How to prevent it: Create a safety measure so that when a supplier asks for their banking details to be updated, a senior member at that business is contacted as a matter to verify that the request is genuine.
Check your credit rating regularly
It may be possible that someone — perhaps even a member of your staff — could have taken out a credit card against your business name and is now racking up bills. This, of course, can have very negative ramifications on your credit score (and while you may consider this fraud to be unlikely, it certainly never hurts to check).
How to prevent it: Thankfully, it has never been easier to keep on top of your online finances and access your credit file. In fact, this is a safety measure that should be conducted at least annually as a good practice strategy for protecting your business.
Keep your internet security software up-to-date
When malware such as viruses or spyware finds its way onto a staff member’s computer, it can be devastating to an organization. From viruses that crash your entire system (and put your business out of action for days or even weeks) to spying technology that captures banking passwords, businesses (and by extension their customers) can suffer from large financial losses through the use of malware.
How to prevent it: Ensure that your IT team has best practice guidelines in place for checking that anti-spyware and anti-malware software is up-to-date and assessed regularly. Also, it is important to create security measures that prevent staff from simply downloading software onto their computers (instead, only your IT team should have these administrator privileges). Additionally, educate all team members on the importance of not opening suspicious-looking emails or clicking on internet links that might be untrustworthy.
Treat online finance security as an ongoing project
Creating a robust set of safety measures and best practice guidelines to protect your business’s online finances is not a one-time act. Nor should guidelines be written, placed into a folder and then simply forgotten about. Instead, all guidelines should be reviewed annually in consultation with your IT team and should take into account new types of fraud. Also, as part of their induction, all new team members should be made aware of issues like phishing and malware.
The fact is that fraudsters will never stop thinking up ever more devious and subtle ways to defraud your business. So this means that you, in turn, should never stop staying one step ahead in protecting yourself against their tactics.
Written by: Mike James, BOSS Contributor