Just because you have home and contents insurance, it doesn’t mean you would leave your front door unlocked.
If it's the same for your business, what about cybercrime? While your cyber insurance may provide some remedy (usually capped and for a single event only) after a cyber-attack, it cannot fix the reputational damage, the potential decrease in company value, the time and administration cost or psychological impact on the finance team. And that’s before considering the likely increase in premiums, should you succeed in your claim.
In the case of cybercrime, prevention is always better than cure. Cyber insurance as a single countermeasure against rapidly evolving forms of cybercrime, like Business Email Compromise and other social-engineering scams, leaves the organisation, its reputation and its people exposed. And that's before you consider the risk of rising premiums should you make a claim.
Here are some ways you can ‘lock your doors’ to cybercrime:
1. Stay aware – keep up to date with the latest scams (attend cyber events, subscribe to security newsletters) and ensure your employees, colleagues and trading partners are aware by regularly distributing information on new scams and how they work in practice.
2. Ensure security hygiene – now is the time to review your company practices in relation to password and security controls. Never reuse passwords across multiple sites or permit weak passwords. Use Multi-Factor Authentication (MFA), which is a two-step authentication of a user’s claimed identity, for all systems where it is available, including email.
3. Recognise the vulnerability of email - companies need and use email; the key is to recognise that employee email accounts are gateways to highly sensitive information and to attacks. Create and enforce policies restricting what information can be kept in email inboxes and how long it should be kept before it is securely archived.
4. Establish and enforce protocols in finance teams - these could include separation of duties and independent verification for changes to bank details. Do not trust or rely on emails for bank account changes – any change should be checked via a call back to the supplier using an independently sourced phone number.
5. Keep systems up to date - ensure all your systems are running the latest security patches and are configured securely – many ERPs have been subverted due to incorrect configuration or not having been patched to the latest levels.
6. Use tools to enhance your security - systems such as spam filters and anti-virus software should certainly be employed and can help prevent certain attacks, but they don’t work against the currently pervasive forms of scams, such as Business (Supplier and Executive) Email Compromise scams, that use social engineering rather than technological ‘dark arts’ to deceive people. Nor will this software protect the organisation from insider scams.
In order to truly protect your bank account from losses due to these scams one has to have a solution that operates throughout the payment lifecycle. At eftsure we’ve developed a unique Know your Payee (KYP) platform that does just that; providing CFOs and their finance teams with rich verified data on suppliers in real time, throughout the payments process and before they pay the wrong supplier.
So by all means be insured. But there is a way to lock your door to cybercrime too.
To find out how we can improve your internal controls and protect you from payments fraud and error, please get in touch or leave a comment below.