How to protect your business against modern fraud

The threat of cybercrime and Internet fraud looms large in 2014. With the expansion of global markets comes a rise in tech-savvy criminals who are poised to breach privacy and threaten organizations across the world.
“To protect not only their own information but their customers’ as well, companies must be more vigilant than ever against a wider range of fraud and scams,” says John L. Hayes IV, senior vice president of the Western Pennsylvania Middle Market, Chase Commercial Banking.
Smart Business spoke with Hayes about how you can protect your business.
What constitutes fraud?
The fast and easy definition is an intentional misrepresentation of facts with the intent to mislead. But it’s not always as black and white as a stolen identity, falsified financials or stolen data. If your business is negligent and fails to act on suspicious information or red flags — or simply fails to verify the information you’re provided — you could be complicit in another’s fraudulent actions.
What are some examples of fraud that impact businesses?
There are a number of fraudulent schemes your business might encounter, such as:

  • Check fraud. The most common fraud committed, it includes counterfeit, altered and forged checks. In an Association for Financial Professionals Fraud and Control Survey, 82 percent of respondents reported that checks were the primary target for business fraud attacks in 2013.
  • Payroll fraud. Payroll fraud occurs when an employee or vendor makes false compensation claims and attempts to collect more than they’re owed.
  • Internet fraud. Cases of Internet fraud grow every year as criminals get smarter and companies get lax about security. If your company’s data isn’t properly protected, hackers can break into your servers and steal private and confidential information about your company, employees, vendors and/or customers.
  • Phishing. Phishing attacks are carried out via fraudulent emails, instant messages or messages on social media sites that dupe targets into providing sensitive information or carry malicious software.

You can find an in-depth list on the FBI’s website (www.fbi.gov/scams-safety).
How can businesses defend themselves?
The best safeguard is education and training. Businesses have a responsibility to implement internal control strategies, which range from requiring sophisticated fraud-prevention training programs to instituting reporting requirements and operating procedures when attacks occur. To protect your business from the financial loss, reputational risk and liability of a breach, utilize the following best practices.
Limit mobile device access. As businesses allow and encourage bring-your-own-device policies, hackers have responded by designing malicious software that targets mobile devices, which are capable of leaking sensitive data. Experts estimate up to 10 percent of legitimate apps could potentially leak logins and passwords, nearly 25 percent may expose personally identifiable information and 40 percent communicate with third parties. If you have networks that access sensitive information, be particularly wary of allowing employees to use unsecured systems and devices at work.
Combat phishing with social media awareness. Through the wealth of public information from social media profiles, such as names, job titles and birthdates, phishing scams have become extremely convincing. Fraudsters pose as a trusted client or friend, and employees can be deceived by the information mined through a few Internet searches. Educate your employees about the risks, train them on utilizing the privacy features of social networks and show them the hallmark signs of phishing attempts.
Use a Virtual Private Network (VPN). When employees work remotely, data travels from server to server on the Internet, becoming less secure with each jump. But within a VPN, encrypted information is transmitted directly from computer to computer, reducing the risk of sensitive data being harvested by infected servers.

Conduct regular audits. Aside from the fact that this may be a compliance requirement, there’s simply no better way to see what’s working and what’s not than to conduct consistent audits of internal and external security policies and processes.

Insights Banking & Finance is brought to you by Chase