In a world of digital financial networks and online commerce, the risks of cyber fraud are greatly increased. With the continuous advancement of technology and the ever-growing reliance on digital platforms for financial transactions, businesses are faced with new and evolving threats from cybercriminals. These criminals utilize a range of tactics and techniques to target and exploit vulnerabilities in computer systems, networks, and devices.

What is cyber fraud?

Cyber fraud is criminal activity that either targets or uses a computer, a computer network or a networked device. Usually cybercriminals or hackers set out to make money… but some have political or personal motivations.

Businesses face increased financial risk as criminals get more sophisticated. Often criminals target the finance team, especially the accounts payable function which influences critical payment processes.

What can businesses do to protect themselves against this financial fraud? Here are some guidelines.

1. Consider this a people and process challenge, not an IT challenge

It’s important to acknowledge that humans are generally the weakest point in any process (NOT Information Technology). For example, a firewall which is not monitored has no value. And antivirus software alone can’t prevent infection. 

2. Update authentication and review processes

Robust payment processes help team members act wisely and consistently. An example is setting rules on how payments are approved to prevent unauthorised, fraudulent payments as well as mistakes. This may involve designating an ‘approver’ for certain types of transactions AND requiring them to follow a validation process. For example, perhaps they should match an invoice with a purchase order. Or - even safer - perhaps they should match the invoice and purchase order with the received goods or services.

3. Review password policies

Longer, complex passwords increase security  BUT can also cause password reuse, people writing them down and storing them in vulnerable places. The best policies will mandate complex passwords AND use of a reputable password manager that stores encrypted passwords. Multi Factor authentication should also be used for all applications, including email.

4. Spam filters and anti-virus software

These tools have an important role but, remember, they cannot protect against insider scams or social engineering scams.  

5. Segregation of Duties

Segregation of duties means that no single employee can control multiple stages of any accounting process such as reconciliation, custody of assets, authorisation and record-keeping or bookkeeping. Acknowledge that EVEN long-term, trusted employees can be perpetrators of fraud. 

6. Create awareness of social engineering scams

A common example of fraud involves criminals impersonating trusted parties to create fraudulent payments. For example, a Finance Director may be impersonated to request certain action, like initiating a payment or altering banking information. Some of these scams lack credibility… but their prevalence shows that they work in a disturbingly high number of cases.

7. Develop a counter-fraud culture

You cannot completely eliminate human error (or criminal behavior) but raising the profile of the conversation and providing continuing education is a start. Management buy-in will help cyber fraud get the attention it requires. Keep in mind that the absence of fraud doesn’t mean it isn’t happening… because there is usually a lag between fraudulent actions and the impact of those actions. Ideally, the culture should inspire people to report suspicious incidents. There should be a commitment to ongoing fraud awareness, social engineering training, and implementing proper policies and procedures.

How prepared are you for the growing risks of cybercrime?