Understanding the Threat of Cyberattacks
According to experts, the pressing issue is not if, but when your company will face a cyberattack. The frequency of these attacks is on the rise. The Telstra Cyber Security Report 2017 found that 59% of Australian organizations were detecting business-interrupting security breaches on at least a monthly basis, a significant increase from 24% in 2015. Cyberattacks can target any type of business.
For instance, Consumer Affairs Victoria reports that cybercriminals have hacked into the email accounts of real estate agents. After an agent emails a home buyer the trust account details for a deposit transfer, hackers send a second email claiming the details were ‘incorrect’ and provide false account details, leading to payments into the wrong account.
Research also indicates that attacks can remain undetected for extended periods. The Brisbane outlet of safety wear brand Totally Workwear experienced a breach when thieves hacked in and altered the banking details of five suppliers. It was only after a creditor complained about non-payment that the company discovered it had lost $76,000.
In another case, cybercriminals impersonated the CEO and COO of a large business, sending spoofed emails requesting large payments. The financial controller, not realizing the scam, made two payments to the cybercriminals' overseas accounts, totaling over US$500,000.
Finance and accounts payable departments are particularly attractive targets for cybercriminals due to their control over company finances. Here are five steps to help protect your department from cyber scams:
#1: Understand The Risks
The tactics used by cybercriminals are constantly evolving. They include social engineering, malicious software, phishing, ransomware, business email compromise, and even recruiting insiders. Understanding these threats and identifying your organization's specific vulnerabilities is your first line of defense. Consider testing your processes and systems with the help of external experts.
#2: Beef Up Your General Security
Passwords are like underpants: they need to be changed often, shouldn't be shared, and shouldn't be left exposed. Strengthen your company's passwords by requiring more complex combinations of characters. Restrict user access to systems and applications, and ensure that former employees no longer have access. Review remote access vulnerabilities, as cybercriminals increasingly use Microsoft's Remote Desktop Protocol (RDP) to spread ransomware. Ensure you have robust antivirus and anti-spyware software and proper firewall settings, and regularly update and patch your systems. Regularly back up important data so that it can be recovered after an attack.
#3: Tighten Your Payments Security
Examine your payments processes to identify weaknesses. Ensure clear separation of duties among staff and add verification steps. Foster a culture where staff feel safe questioning suspicious requests. Encourage verification of money transfer requests and of changes to vendor payment details through a channel other than email. While checking with senior executives or verifying by phone are options, they are time-consuming and risky. Independent third-party verification systems like Eftsure's “Know Your Payee” Solution automate payment checking and supplier verification, saving time and reducing human error.
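As an added illustration of the "separation of duties" and "verification steps" this step calls for (example code, not from the original article or from Eftsure's product), the check below compares a payment request against the supplier master file and blocks it when the bank details have changed without out-of-band verification, when the approver is the same person who raised the request, or when a large amount has not been independently confirmed. The supplier records, field names and threshold are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed supplier master file (hypothetical data): the bank details that
# accounts payable has on record from when each supplier was onboarded.
SUPPLIER_MASTER = {
    "SUP-001": {"name": "Example Safety Supplies", "bsb": "062-000", "account": "12345678"},
    "SUP-002": {"name": "Example Print Co", "bsb": "083-004", "account": "87654321"},
}


@dataclass
class PaymentRequest:
    supplier_id: str
    bsb: str
    account: str
    amount: float
    requested_by: str
    approved_by: Optional[str]
    # True only when the details were confirmed by calling the number already on
    # file for the supplier, never a number or link taken from the requesting email.
    verified_out_of_band: bool = False


def review_payment(req: PaymentRequest, master=SUPPLIER_MASTER, confirm_above: float = 10_000.0):
    """Return a list of control failures; an empty list means the payment may proceed."""
    failures = []
    record = master.get(req.supplier_id)
    if record is None:
        # Paying a supplier that was never onboarded is itself a red flag.
        return ["supplier not in master file; onboard and verify before paying"]
    details_changed = (req.bsb, req.account) != (record["bsb"], record["account"])
    if details_changed and not req.verified_out_of_band:
        # The pattern in the real estate and Totally Workwear cases: new account details
        # arriving by email must be confirmed out of band before any money moves.
        failures.append("bank details differ from master file and are not verified out of band")
    if req.approved_by is None or req.approved_by == req.requested_by:
        # Four-eyes rule: the person approving cannot be the person who raised the request.
        failures.append("separation of duties: approver must differ from requester")
    if req.amount >= confirm_above and not req.verified_out_of_band:
        # Large transfers (the CEO-impersonation case) need independent confirmation
        # even when the account details match the master file.
        failures.append(f"amount at or above {confirm_above:.2f} requires out-of-band confirmation")
    return failures


if __name__ == "__main__":
    suspicious = PaymentRequest("SUP-001", "033-999", "00000001", 2500.0, "ap.clerk", "ap.clerk")
    for failure in review_payment(suspicious):
        print("BLOCKED:", failure)
```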
#4: Train Your Staff
Equip employees, especially those in finance and accounts payable, with the skills to spot and respond to threats. Implement cybersecurity awareness programs, workshops, and simulations to teach staff how to recognize spam and phishing messages. Educate them on creating strong passwords and reporting suspicious online activity.
#5: Make Cybersecurity Part of Your DNA
Consistently remind staff at all levels about the risks of cybercrime to build a strong security-conscious culture. Set the right tone from the top down, with management leading by example. Continuously review and improve your defenses, as cybercriminals are constantly enhancing their tactics.