Cyber and Financial Fraud Threats
Cybercrime is a growing threat for businesses in the U.S. and around the world. The tactics used to steal information and money are becoming more sophisticated and involve a high level of technical expertise. Because the threats can change from one day to the next, protecting your business requires constant vigilance.
“Businesses of all sizes should be aware that there's a massive industry of bad guys working day and night to penetrate their defenses,” says Stephen Frew, Vice President, Risk Consultant with Johnson Insurance.
“It's impossible to guard against every threat, but there are a number of ways to prevent fraud and mitigate risks by strengthening your security and leveraging fraud prevention services and insurance protection,” says Sandy Bruhn, Senior Vice President, Treasury Management and International Banking Sales at Johnson Bank.
New and emerging cyber threats
Ransomware is one of the most dangerous threats to businesses with the potential to wreak havoc on business operations. Ransomware is typically delivered through spam emails, phishing or applications that target software vulnerabilities. If the attack is successful, a business may be denied access to their computer systems until a ransom is paid. “Because this involves a direct demand of money and shutdown of operations, ransomware attacks are more threatening than residual threats like bots and invasive viruses that steal sensitive information to be used later,” says Frew.
Artificial intelligence (AI)‐powered attacks are another emerging threat. “Self‐learning computers with intellectual problem‐solving ability can be used by the offenders to attack,” Frew explains. “Because AI enables fraudsters to process information rapidly, this is increasingly becoming the weapon of choice.”
Social engineering is at the heart of many problems, and in some cases, AI is used to gather data about a person or their contacts. Email phishing schemes often target businesses with a request for employees to pay a fake invoice, share information or click on an infected link — and these schemes have been surprisingly successful in the business realm.
Impact on small and mid‐size businesses
Small and mid‐sized businesses are frequently targeted and must be prepared for various types of attacks. “Small businesses tend to be in denial about being at risk because they might not perceive themselves as a valuable target; however, they most likely do have valuable data, and it's the vulnerability that makes them the target,” says Frew. “If a business is attacked by ransomware, they may experience loss of data, business disruption, lost productivity, financial setbacks and the loss of their clients' confidence. The costs can be substantial if they aren't protected,” says Frew. A cyberattack can have devastating effects on a business, especially when an organization doesn't have the resources or expertise to deal with the aftermath of an attack. The average cost to clean up after a cyberattack is reported at $690,000 for small businesses and over $1 million for mid‐sized companies in the U.S., according to the Ponemon Institute's 2017 Cost of Data Breach Study.
Defend against cyber crime
Frew recommends taking the following steps to improve operations defenses:
- Designate an incident response team.
- Develop and update written security policies.
- Maintain virus protection software and use encryption for all of stored materials.
- Do a risk assessment.
- Hire a security/privacy officer.
- Train all employees on cybersecurity.
- Consider cyber fraud insurance.
“When you have cyber fraud insurance, the insurance company brings in a team of experts who knows the laws and how to handle an attack. Rather than scrambling to figure out what to do after a cyberattack, help is just a phone call away,” Frew adds.
Learn more about cybersecurity tips in Stephen Frew's new book available on Amazon.com: Cyber Threats: Risk Management Tips for Businesses.
Fight financial fraud
Payments fraud and check fraud are the top financial fraud threats for businesses. “As the use of mobile deposit increases, we're seeing a rise in fraud related to mobile capture. We're also seeing sophisticated wire fraud scams that are initiated by email,” says Bruhn.
According to the 2018 AFP Payments Fraud and Control Survey, 74 percent of organizations experienced check fraud, and nearly half of survey respondents reported an increase in the incidents of fraud attempts compared to the previous year. In addition, 77 percent reported that their organizations were exposed to business email compromise.
Financial institutions have increased their defenses against wire fraud so that fraudsters are no longer focused on hacking into banking systems — they are targeting authorized users and creating schemes to trick someone to authorize a wire transfer. In these types of scams, they impersonate an individual of authority in order to manipulate an authorized person into sending the wire,” Bruhn explains.
Bruhn recommends the following best practices to prevent payments fraud:
- Send payment via ACH. “Paying vendors by ACH is more secure than writing checks. When you write a check, your bank account information is floating out there, whereas ACH is secure and encrypted,” Bruhn notes.
- Use your bank's fraud protection services. “Use Positive Pay to make sure everything matches up when writing business checks,” Bruhn adds.
- Increase awareness of fraud at all levels of the company. Employees should be trained to be extra vigilant and review all communications carefully, even when it appears to come from a known sender. Reinforce processes to ensure payment information is validated and confirmed before sending money.
Assemble your team
No matter how large or small the organization, it's important that someone is responsible for staying current on threats and knowing the proper steps to protecting your business. “Having an IT department isn't enough — a security officer serving as point person can make a big difference,” Frew recommends. If you have questions about how to protect your business or how we can help, contact a Johnson Financial Group advisor today. Visit our Security Center for more information.