Protecting your business from fraud
In a digital world, the threat of fraud to businesses is only growing and evolving. That’s why cybersecurity and fraud prevention advice is the focus of this episode of the Sharing Knowledge Series. Host Kevin Vonderau, EVP, chief lending officer at Westfield Bank, leads an important discussion to help business owners stay informed about the latest fraud tactics and trends.
Kevin is joined by Andy Jones, CEO at Fortress Security Risk Management and Westfield Bank board member, and Jarrod Long, director of treasury management services at Westfield Bank.
Watch or listen to the video below and read on for a recap of the discussion.
Not a matter of if, but when
With so many forms of fraud aimed at businesses of all sizes and across industries, business owners should have the mindset that it’s not a matter of if, but rather when fraudsters will target them. More importantly, what will you do, or what protections will you have in place, when this happens?
Essentially, cyber fraud is the same as every other type of fraud; it’s just that electronic means are used to carry out the grift. In some ways, criminals have an easier time getting away with their schemes over the internet. When interacting with someone face to face, we can detect subtle body language and verbal cues that might tip us off to a fraudulent scheme. But these cues can be harder to detect through a phone or computer screen, underscoring the need to be informed and vigilant as a business owner.
Business email compromise, check fraud, payment scams, and imposter fraud are among the biggest threats facing businesses today. Another, more sophisticated type of fraud to note is caller ID spoofing, in which the scammers hack a credible number, such as a business’s customer service line, and call you from that number.
Creating a sense of fear and panic
One commonality between the various types of scams is that fraudsters try to instill a sense of fear and urgency in the individual or business they’re targeting. For example, a phishing email may claim that you’re late making an important payment and insist that you’ll face further fines if you don’t pay immediately.
In this day and age, it’s safe to assume your basic personal information is out there, whether or not you’re active on social media or have any online biographies. “Everyone’s information is available,” Andy explains. “The only way you would not have a digital footprint on the internet is if you don’t exist yet.”
What you can do
Fraudsters keep evolving and adapting their schemes, but when it comes to check fraud and payment scams, many banks are staying ahead with tools to reduce your vulnerability. For example, Positive Pay, a service Westfield Bank offers, automates your account reconciliation by comparing the identifying check or ACH information issued by your company against checks presented for payment or ACH debit transactions attempting to clear your account. Unauthorized transactions are flagged, alerting you to review discrepancies. Security features like multi-factor authentication provide an extra layer of protection. Internally, businesses can consider implementing dual control, which requires two staff members to review a transaction before it’s approved.
In the event your business has been compromised, what you do next can be critical. Let’s say an employee clicks on a fraudulent email and it leads to a ransomware situation. When this happens, you’ll want to focus on stopping what’s known as lateral movement, which refers to malware spreading across your network. To prevent this, implement a good “cyber hygiene” schedule, as Andy calls it, to ensure patches are up to date. A detection method that can be helpful is Impossible Travel, which flags when sign-ins by the same user happen from two different locations in a short period of time.
In a more general sense, planning ahead (similar to a fire or tornado drill) before a crisis takes hold is the best thing any organization or individual can do. Having a proactive plan to prevent and mitigate damage from a cyberattack is something every business leader should have in place, along with regular employee training and awareness around best practices.
It’s also important to have a relationship with a professional cybersecurity firm long before your business has fallen victim. If you wait until something bad has happened, it’s likely going to be too late to get help in time.