Zero Trust a Network Architecture or Framework?
Everyone is talking about Zero Trust as the new standard in Cyber Security. Gone are the days of perimeter protection alone and security over public […]
Protecting your Business from Wire Fraud
|
End of year payments time. Rush to close out projects before the week of Christmas, when most everyone but retail goes dark for the new year. Contracts getting signed, purchase orders created and PAYMENTS being sent–many in a last minute rush while thinking about gifts, flights, eggnog and College Football. One of the biggest risks this time of year–Wire Fraud!
Wire Fraud is rapidly increasing and one of the least talked about cybercrimes. The majority of the time the crime is committed using a combination of business email compromise and social engineering. Victims end up willingly sending their capital to the bad guys, and by doing so, likely void insurance policies and absolve others, including their bank, of any liability.
The criminals have become highly sophisticated, this is not a “Nigerian Prince Scam” or spoofed email, but a highly targeted attack capable of tricking even the most compliance focused organizations. Tech solutions, however, are only effective at the margins, as no amount of tech spend can prevent your counterparties from being compromised or your humans from being tricked. In general, I believe the way to prevent this fraud is 10% technology driven and 90% process and controls.
Solution: 10% Tech
- Email Protection
- Anti-Malware
- Identity protection (multi-factor authentication)
- PAM (Privileged Access Management)
Solution: 90% Processes and Controls.
Make sure:
- All new payments for ACH and Wire are confirmed with an outbound phone call to a known good number
- Have two accounting teammates verify every new instruction
- Turn on relevant banking protections (wire templates and callbacks) and make sure those verifying instructions are not the same teammate entering the payment instructions into the bank or ERP.
Even if you have the best practices written down, the facts are that this process breaks down at scale, and the bad guys will focus on socially engineering the human element in your process. We have partnered with a unique solution founded by an FBI alum, www.conduitsecurity.com, that solves the process and controls element with a workflow automation tool.
They provide:
- Best Practices
- Train you through the process and workflow
- Implement guardrails through their “set-up wizard” ensuring the process is followed EVERY TIME!!!
Process and controls can leverage technology and templatize, Conduit hits the mark with a low cost of entry, ensuring checks and balances without delaying the eggnog.
What to Read Next
Stay Connected
Recent Blog Posts
