Just like legitimate businesses, fraudsters are planning ahead for 2013, according to RBS Citizens Treasury Solutions. The bank is conducting a fraud education campaign for corporates to alert them to vulnerabilities, including new online threats that will pose the greatest risk next year.
“During and just after the holidays is when many fraud schemes pick up, as more people feel stretched with greater year-end expenses,” says James Gifas, head of RBS Citizens Treasury Solutions. “And as we look ahead into 2013, companies may have blind spots they may not be considering when trying to protect themselves, particularly when it comes to employee fraud.”
The bank has developed a ‘fraud kit’ for companies to supplement a series of seminars that it is running in 11 cities throughout January 2013. The kit includes a list of best practices for deterring internal and external fraud.
Gifas and his team have identified 10 common security gaps, or fraud ‘blind spots’, that companies need to address to protect themselves when planning for 2013:
- Using weak passwords: “Hackers have more processing power to crack passwords than ever before, and can relatively quickly test all words in the dictionary to see if the right one comes up. Use instead a more complicated combination of letters, numbers, and symbols that aren’t easily searchable.”
- Employees who keep passwords ‘hidden’ in their top desk drawer: “The strongest password in the world won’t protect your account if a perpetrator can read it from a slip of paper in your office. Keep passwords behind lock and key, just as you would cash.”
- Training employees against social engineering: “Many fraudsters find it easier to trick a person into revealing account credentials than to hack into a computer. Training your employees to not provide any user name or password information over the phone or email – even if the source seems legitimate and unless and until the source is independently verified – is a vital measure of protection.”
- Locking your computer while away from your desk: “As we all know, a minute away from our desk can sometimes turn into much longer, as meetings pop up and we get stuck taking care of a crisis. Again, just as you wouldn’t leave cash lying around on your desk, always lock your computer as well. Also, software such as Trusteer Rapport provides additional high-tech protection against infiltrators who try to break into your computer electronically.”
- Knowledge of vendors and business partners: “While you may somewhat confidently share wire instructions with long-time vendors or business partners, it is wise to conduct some due diligence around new Positive Pay for cheques, and Automated Clearing House (ACH) and Payee Positive Pay for cheque disbursement accounts adds in an extra layer of protection.”
- Conducting surprise audits: “The American Bankers Association (ABA) reports that 60% of all fraud incidents within a business involve employees. Surprise audits are a good way to detect and deter occupational fraud schemes so that funds can’t be manipulated ahead of the audit.”
- Enforcing vacation policies: “Similarly, making sure that there are periods of time in which employees are away from their desks and have their records available for oversight has been supported by financial regulators like the Securities & Exchange Commission (SEC) for years, but all companies can benefit from this policy. A one- or two-week window can provide the additional transparency needed to expose internal fraud.”
- Dual approvals required for payments: “Implementing banking processes that require dual approvals for activities such as payments and wire transfers is an easy way to minimise certain fraud risks. Companies can also require additional approvals before a new vendor is added to a payment system, as well as use debit blocks and alerts to reduce the risk of unauthorised payments.”
- Open access to company chequebooks: “In 2012, 85% of organisations experienced actual or attempted cheque fraud, according to the Association for Financial Professionals’ (AFP) latest fraud survey. Having company chequebooks out in the open leaves your bank account information visible and increases the risk of cheque theft. Always lock up any chequebooks.”
- On-site collections: “Outsourcing collections mitigates the risks that emerge when receivables cheques are lying around the office.”
“Whether it’s our personal banking information or the company accounts we are responsible for, the most basic advice we can give is to use common sense – and make sure your employees do, too,” said Gifas. “Walking employees through scenarios and conducting training around fraud threats can help to minimise the headaches and real financial losses that happen when fraud occurs.”