The Most Dangerous Threats Today
According to the AFP Payments Fraud and Control Survey, 73% of finance professionals admit that their companies were a victim of payment fraud in 2015, an increase of 11% compared to 2014. Sadly, it looks like it’s no longer a question of if, but when an enterprise will be attacked by cybercriminals.
As the number of cyberattacks increases steadily, finance and IT teams are teaming up to improve security, particularly in treasury. Let’s review what actions organizations can take to protect financial data from increasingly sophisticated hackers.
5 Ways IT Teams Can Increase Cyber Security
Define a security management program
Put together security objectives, policies and procedures in a program, using a framework such as ISO 27001/2. Assign clear responsibilities to manage security risks based on the program.
As new threats are being discovered every day, work with industry experts to stay current on security issues and maintain the highest level of protection. Also, use third-party audits, such as SSAE16 SOC2, to get independent feedback on the thoroughness and effectiveness of your program.
Mitigate human error
Companies tend to focus on external intruders, but security threats and fraudulent activity often come from within an organization. Internal staff may accidentally create security issues or, even worse, intentionally perform malicious acts. Therefore, make sure all staff are well trained and up to date on the latest security policies. Additionally, take action to protect your data from unintended behavior and to identify internal threats immediately.
Use current technology and work with partners
Legacy technology is rarely able to support current industry standards for security. As corporations start to realize that they don’t have the talent, capacity, or money to guarantee the required security standards of their installed software applications, they increasingly look into outsourcing their IT to the cloud and servicing only core systems, such as the ERP system(s), in-house.
By outsourcing applications to vendors that are experts in hosting the software, they not only get a higher level of service defined in a Service Level Agreement (SLA), but they also benefit from the vendor’s economies of scale in areas like security protection. If they are part of a community of clients on a multi-tenant software-as-a-service (SaaS) platform, they will share services and costs. These savings can also be quantified as part of their return on investment.
Centralize access and control through authentication
Authentication is a key component to security and fraud protection. Many companies struggle with a disparate system landscape created through mergers and acquisitions, global operations or a weak IT policy. Using industry standard authentication technologies such as Security Assertion Markup Language (SAML), companies can centralize system access and authority for their global staff, using a common identity provider.
Today, dual-factor authentication, such as temporary transaction authorization numbers, has also become the industry standard, especially for systems that can be used to manage financial transactions and payments.
Balance security budgets and levels
Although security levels can never be too high, it is easy to spend time and money on preventing cyberattacks without adding much extra value. Make sure investments provide measurable mitigation of real and present cyber dangers. Keep on top of industry trends and mitigate risks before they become an issue for the company and its customers.
Commonly, data protection is an IT task. However, CFOs and treasurers are very sensitive when it comes to cyberattacks and fraud, given the sensitivities around financial data and the damage that may derive from payments going to the wrong accounts or money disappearing from corporate bank accounts. Actually, there is a lot more finance professionals can do, in addition to participating in their company’s security management programs.
3 Ways Treasury Can Help Prevent Cyber Crime and Fraud
Make cash visible
Knowing the balances and movements for each corporate account is the logical first step to avoiding fraud. Fast-growing corporations often struggle with cash visibility. This starts with not having an overview of all accounts across the company’s different banks. Under this condition, it often takes days to put together the cash position. Without a clear picture of a company’s financials, cyberattacks can go undetected.
Control payment workflow
The payment system is of particular interest to cyber criminals: it contains a lot of sensitive data, including information on clients, suppliers and employees, and it is also the place for illegal money transfers. Finance professionals should implement strict authorization and approval workflows to ensure secure payments. Defining signatories per account and different levels for payment approval workflows through a 4-eye principle or 6-eye principle are established best practices.
Use current treasury technology
Today, finance departments are often responsible for selecting and implementing new treasury technology themselves. Considering cyber threats, fraud and human error, finance professionals should make sure they have current technology in place that helps them collaborate with global subsidiaries to make global cash visible and to control transaction workflows.
As many treasury software providers are moving to the cloud, finance departments are able to outsource their technology to experts providing high service and high security levels. At the same time, they get specialist capabilities that help them to make cash flows and workflows transparent and secure.
Security is all about identifying risks and mitigating them on an ongoing basis. Therefore, it is critical that corporations take a structured and consistent approach to managing cyber threats globally, both within treasury and across the IT organization.