10 Ways to Protect Your Business's Cybersecurity in 2013
Business owners aren't the only ones preparing plans for a prosperous new year.
"Just like legitimate businesses, fraudsters are planning ahead for 2013," said James Gifas, head of RBS Citizens Treasury Solutions. "During, and just after, the holidays is when many fraud schemes pick up, as more people feel stretched with greater year-end expenses."
Gifas warns companies that they may have several blind spots they're not considering, particularly when it comes to employee fraud.
RBS Citizens Treasury Solutions has identified a number of common security gaps that companies need to be aware of in order to best protect themselves, including:
Weak passwords: Hackers have more processing power to crack passwords than ever before. Use a complicated combination of letters, numbers, and symbols that aren't easily searchable.
"Hidden" passwords: The strongest password in the world won't protect an account if a perpetrator can read it from a slip of paper that has been "hidden" in a desk drawer. Keep passwords behind lock and key.
Employee training: Many fraudsters find it easier to trick a person into revealing account credentials than to hack into a computer. Training employees not to provide any user name or password information over the phone or by email is a vital measure of protection.
Locking computers: Ensure employees are locking computers each time they leave their desk, even if they're just stepping away for a minute.
Know vendors: It is wise to conduct some due diligence around new vendors or other payees.
Surprise audits: Surprise audits are a good way to detect and deter occupational fraud schemes so that funds can't be manipulated ahead of scheduled financial reviews.
Vacation policies: Financial regulators have for years supported making sure that there are periods of time in which employees are away from their desks and have their records available for oversight, but all companies can benefit from this policy. A one- or two-week window can provide the additional transparency needed to expose internal fraud.
Dual approvals: Implementing banking processes that require dual approvals for activities such as payments and wire transfers is an easy way to minimize certain fraud risks. Companies can also require additional approvals before a new vendor is added to a payment system, as well as use debit blocks and alerts to reduce the risk of unauthorized payments.
Checkbook access: Having company checkbooks out in the open leaves bank account information visible and increases the risk of check theft. Always lock up any checkbooks.
On-site collections: Outsourcing collections mitigates the risks that emerge when receivables checks are lying around the office.
"Whether it's our personal banking information or the company accounts we are responsible for, the most basic advice we can give is to use common sense — and make sure your employees do, too," Gifas said. "Walking employees through scenarios and conducting training around fraud threats can help to minimize the headaches and real financial losses that happen when fraud occurs."