Cyber fraud is probably of the biggest risks for corporates today, there are 000s of reports and analyses on what to do to prevent your company being hacked. CTMfile has reviewed many of the latest reports and suggestions, here is our pick of the best ideas:
- e-mail button: build a plug-in for your email software for staff to report suspicious emails. The button is a constant reminder of the risk, and when a suspicious email is reported, it is taken away from the employee. The Wall Street Journal report that, “The program can identify other messages in the system carrying the same type of attachment or link and automatically pull them all from the system, so all it takes is one person to push the button.” (Source Max Kelly who was chief security officer at Facebook and previously worked at the National Security Agency and U.S. Cyber Command before launching his own security firm.)
- False charge back prevention: Set up a merchant historical database to create household profiles, so family is viewed as a whole (Source: THE FACES OF FRIENDLY FRAUD - ethoca)
- Use a single platform to break up traditional information silos: For example, linking the personal data and purchase history of a customer who shops online and in a physical store can give critical insights, and vice versa. (Source: “Fighting fraud with unified data”, Adyen)
- Monitor for suspicious behaviour on your customer accounts: Fraud screeing should start of the first point of customer interaction. (Source: Cybersource.)
- Use wire request tool that doesn’t accept email requests
- Use biometric authentication of all staff
- Use real-time monitoring of all communication: e.g. Synack, which uses a crowdsourcing model to provide cybersecurity. The company hires real hackers from 50 different countries and task them with breaking into corporate systems to expose their vulnerabilities. When hackers are successful, they are paid a “bounty” by Synack.
Cyberfraud prevention checklists
Use these Checklists to keep cyber fraudsters at bay:
- International Chamber of Commerce 'Cyber security guide for business', presenting a number of principles, strategies and actions that can help companies put a cyber security framework into practice
- The board Checklist: the vital questions
- ’10 steps to Cyber security from UK’s GCHQ’ (UK Government Communications Headquarters) who monitor the Internet and many other networks
- SANS (System Administration, Networking, and Security Institute) ‘Critical Security Controls’ —a short list of controls developed by security experts world-wide based on practices that are known to be effective in reducing cyber risks
- NIST (National Institute of Standards and Technology) Framework for Improving Critical Infrastructure Cybersecurity—combines a variety of cybersecurity standards and best practices together, see
- Shared Assessments—an organization that develops assessment questionnaires for use by its members, see
- ACFE’s Fraud Prevention Checklist, see
- ’40 questions you should have in your vendor security assessment’ from BITsight which shows how to monitor and manage vendor security, see.
CTMfile take: Cyberfraud is a fact of life in business today, using these ideas and checklists will ensure you at least minimise the level of fraud.
Cyberfraud - it will be your fault. Protect yourself
Who is responsible: IT? Internal audit? Corporate treasury? Accounts payable? Government? Global regulators?
Cyber fraud prevention - the vital questions for your board
UK’s NCA Strategic Cyber Industry Group concluded: “Perfect security is almost impossible”, so your board better have appropriate answers to these questions or are you already in big trouble?
SWIFT in second cyber attack, TPBank also targeted by fraudulent SWIFT messages
Following the Bangadesh Bank heist in February, on Friday SWIFT announced further attacks by cyber criminals using malware to defraud banks. Now Vietnam's TPBank says it has interrupted an attack.