"Just like legitimate businesses, fraudsters are planning ahead for 2013," says James Gifas, head of RBS Citizens Treasury Solutions.

Mr. Gifas and his team have identified ten common security gaps that companies need to address to protect themselves when planning for 2013:

• are you using weak passwords? Hackers have more processing power to crack passwords than ever before, and can relatively quickly test all words in the dictionary to see if the right one comes up. Use instead a more complicated combination of letters, numbers, and symbols that aren't easily searchable.
• do employees keep passwords "hidden" in their top desk drawer? The strongest password in the world won't protect your account if a perpetrator can read it from a slip of paper in your office. Keep passwords behind lock and key, just as you would cash.
• are you training your employees against social engineering? Many fraudsters find it easier to trick a person into revealing account credentials than to hack into a computer. Training your employees to not provide any user name or password information over the phone or email – even if the source seems legitimate and unless and until the source is independently verified – is a vital measure of protection.
• do you lock your computer when you step away from your desk? As we all know, a minute away from our desk can sometimes turn into much longer, as meetings pop up and we get stuck taking care of a crisis. Again, just as you wouldn't leave cash lying around on your desk, always lock your computer as well. Also, software such as Trusteer Rapport provides additional high-tech protection against infiltrators who try to break into your computer electronically.
• how well do you know your vendors and business partners? While you may somewhat confidently share wire instructions with long-time vendors or business partners, it is wise to conduct some due diligence around new vendors or other payees. Using the Positive Pay services for checks and ACH and Payee Positive Pay for check disbursement accounts adds in an extra layer of protection.
• do you conduct surprise audits? The American Bankers Association reports that 60% of all fraud incidents within a business involve employees. Surprise audits are a good way to detect and deter occupational fraud schemes so that funds can't be manipulated ahead of the audit.
• does your company enforce vacation policies? Similarly, making sure that there are periods of time in which employees are away from their desks and have their records available for oversight has been supported by financial regulators like the SEC for years, but all companies can benefit from this policy. A one- or two-week window can provide the additional transparency needed to expose internal fraud.
• are dual approvals required for your payments? Implementing banking processes that require dual approvals for activities such as payments and wire transfers is an easy way to minimize certain fraud risks. Companies can also require additional approvals before a new vendor is added to a payment system, as well as use debit blocks and alerts to reduce the risk of unauthorized payments.
• is there open access to company checkbooks? In 2012, 85% of organizations experienced actual or attempted check fraud, according to the Association for Financial Professionals' latest fraud survey. Having company checkbooks out in the open leaves your bank account information visible and increases the risk of check theft. Always lock up any checkbooks.
• does your company have on-site collections? Outsourcing collections mitigates the risks that emerge when receivables checks are lying around the office.

 

---

Fraud is on the increase world-wide and it‘s not just limited to payment cards. How many of these security gaps apply to your corporate treasury department? One? Four? None...... I don't believe you.