We as a bank have been seeing more fraud attempts in the last few months than we have seen for the last few years. Inspired by an article in the Boston Globe, the article below focuses on some very easy, low- and no-cost ways to reduce cyber fraud. The information in bold is taken directly from the original article.
1. Establish a clean desk policy.
Banks and other regulated financial institutions are required to implement a policy that specifies how employees should leave their working space when they depart [the] office.
This is a very simple and effective way to be sure that no one can get sensitive information about your company, employees, vendors, or clients. Repairmen, cleaning crews, customers, and other employees may have access to your office during the day and after hours. If the information is left out, it can be stolen. It only takes a second to snap a picture of a document on a desk. I would go a step further and require any sensitive information be put in a locked drawer or cabinet.
2. Reconcile or check balances every day.
Most companies still reconcile their accounts every 30 days, a practice that has been in place for decades. But in the 21st century, accounts could and should be reconciled every day to make sure no suspicious transactions have occurred.
As a bank, we highly recommend this practice. In order to catch fraud in a timely manner, you have to be in touch with your account activity. Positive Pay and ACH Filter are two products that can help you reconcile and prevent fraud. Please contact me or take a look at our website for more information.
3. Segregate financial duties.
Segregation of duties is critical to effective internal controls because it reduces the risk of both erroneous and inappropriate actions. In general, the approval function, the accounting/reconciling function, and the asset custody function should be separated among employees. When these functions cannot be separated, a detailed supervisory review of related activities is required as a compensating control activity. Segregation of duties is a deterrent to fraud because it requires collusion with another person to perpetrate a fraudulent act.
Segregation of duties is highly recommended when it comes to establishing your business’ policies and procedures. You can also go a step further and segregate bank accounts by transaction types like Merchant Services and Payroll. By only having one type of transaction come through, like Merchant Services, it is easy to watch for fraud and reconcile with your Merchant Statement.
4. Establish vendor policies.
Require due diligence of all vendors and customers to verify how they treat financial information and how they handle checks.
We have seen a lot of fraud come through stolen checks that are delivered to unlocked mailboxes. We live in a community where not every business has a locked mailbox. Fraudsters will take the checks, bleach them, and cash them. If you have vendors and customers that do not have secure mailboxes, Positive Pay is a way to protect yourself.
5. Verify all requests to transfer funds.
All email requests to transfer funds, especially urgent requests, should be confirmed via a phone call or in-person meeting.
This is very important. Fraudsters have become very proficient at spoofing emails. If you have a request by email, verify it with a phone call or perhaps even face-to-face. It is a policy of State Bank of Cross Plains that if we get a request by email, we must verify it by a call.
Fraudsters are making our business lives more difficult than it used to be. These easy-to-implement policies and procedures can make your business more secure. If you have any questions, please reach out. I am here to help.
For more information about how to protect against cyber fraud and how to prevent and protect yourself, or call (855) 256-7328.