Sophisticated criminal networks don’t discriminate by company size or industry. However, if you make regular and large payments to third parties, you have a significant exposure and are increasingly likely to become the target of fraud.
With the right guidance, businesses can focus their attention on cost-effective measures that can significantly improve their resilience. The Cyber Essentials initiative from the UK government identifies that small to medium-sized companies should:
1. Maintain a firewall;
2. Choose the most secure settings for devices;
3. Control who has access to data and services;
4. Protect against viruses/malware; and
5. Regularly update security patches.
Employee mistakes, deliberate actions or manipulation can easily negate your security measures. Increasingly sophisticated criminals are focusing their attention on a combination of electronic and human interactions to achieve their objectives.
Being able to spot fake emails and fake payment or information requests can save your business significant time and cost. The threat of cyber crime is continually evolving; however, the two main objectives of a fraudster remain the same:
1) theft of money; and
2) theft of data.
There are a number of measures that businesses can adopt that will improve their ability to identify and manage cyber crime. Below we’ve taken a look at three which have been shown to reduce the likelihood and impact of an attempted theft of money:
1. Segregation of duties
No one employee should be able to initiate, authorise and reconcile a transaction from start to finish. This separation of duties ensures that anyone seeking to initiate fraudulent behaviour will be quickly identified.
2. Dual authorisation
No one employee should be able to make an electronic transfer without authorisation from another. Limits should be set on the amount of money transferred, above which senior management agreement is required.
3. Call back procedure
Any request to amend banking details of existing customers or make large electronic transfers should require a call back procedure to a previously established contact number. Impersonation fraud can occur under many different guises.
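The three controls above can be enforced in the payment workflow itself rather than left to habit. The sketch below is an added example, not part of the original guide; the `Payment` fields, the `senior` role label, the 10,000 limit (used both for senior approval and for what counts as a "large" transfer) and the sample names and phone numbers are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed threshold: the guide gives no figure for senior approval or "large" transfers.
SENIOR_APPROVAL_LIMIT = 10_000

@dataclass
class Payment:
    amount: float
    initiator: str
    approvers: dict = field(default_factory=dict)  # approver name -> role (hypothetical labels)
    reconciler: Optional[str] = None
    bank_details_changed: bool = False
    callback_number_used: Optional[str] = None  # number actually dialled to confirm
    number_on_file: Optional[str] = None        # contact number established beforehand

def release_violations(p: Payment) -> list:
    """Return the controls a payment fails; an empty list means it may be released."""
    problems = []
    # Dual authorisation: at least one approver who is not the initiator.
    independent = {n: role for n, role in p.approvers.items() if n != p.initiator}
    if not independent:
        problems.append("dual authorisation: no approver other than the initiator")
    # Transfers over the limit need a senior manager among the independent approvers.
    if p.amount > SENIOR_APPROVAL_LIMIT and "senior" not in independent.values():
        problems.append("dual authorisation: senior management approval missing")
    # Segregation of duties: the reconciler must not have initiated or approved.
    if p.reconciler is not None and (p.reconciler == p.initiator or p.reconciler in p.approvers):
        problems.append("segregation of duties: reconciler also initiated or approved")
    # Call back: changed bank details or a large transfer must be confirmed on the number on file.
    if p.bank_details_changed or p.amount > SENIOR_APPROVAL_LIMIT:
        if p.callback_number_used is None:
            problems.append("call back: not performed")
        elif p.callback_number_used != p.number_on_file:
            problems.append("call back: number dialled is not the one on file")
    return problems

# Constructed samples: one person handles everything and calls the number in the request,
# versus the same payment handled by three people with a call to the number on file.
suspicious = Payment(48_000, "alice", {"alice": "clerk"}, "alice", True,
                     callback_number_used="+44 20 7946 0999",
                     number_on_file="+44 20 7946 0123")
compliant = Payment(48_000, "alice", {"bob": "senior"}, "carol", True,
                    callback_number_used="+44 20 7946 0123",
                    number_on_file="+44 20 7946 0123")

if __name__ == "__main__":
    for label, payment in (("suspicious", suspicious), ("compliant", compliant)):
        print(label, release_violations(payment) or "OK to release")
```
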
A consistent message to all employees is required to create the right culture that seeks to protect the data your business controls. Good cyber crime practices should ensure that sensitive information is only available to employees who require access.
Embedding effective procedures within your business and ensuring that employees are sufficiently trained will reduce your cyber crime risk. Time and time again, failures occur as a result of employee intervention that could have been avoided.
Originally posted by Get Indemnity
This guide is for information purposes and is based on sources we believe are reliable. The general risk management and insurance information is not intended to be taken as advice with respect to any individual circumstance and cannot be relied upon as such.