
Yes, it could happen to you!
Hacking into your corporate cash management system to transfer your hard-earned money to shady offshore accounts is the dream of every cybercriminal. And if you think it only happens to other companies, think again.
The ever-present threat of cybercrime
Cybercrime featured prominently in the media in 2021 as thousands of organisations fell victim. Ransomware dominated the headlines, but is just one of the many types of cybercrime inflicting major losses on companies across the globe.
If there is one lesson to be learned from cybercrime incidents, it’s that you don’t have to be a target to become a victim. Cybercriminals will simply attack the cash management system of any company that gives them that opportunity. And unfortunately far too many do, with two main causes: technological vulnerabilities and employee behaviour.
Exposed and vulnerable
The dangers of cybercrime are widely recognised, and many companies have taken steps to improve their security. For example, a growing number actively monitor their network and initiate immediate action in the event of irregularities, such as unusual data traffic or failed login attempts. Most also make frequent backups and store these safely (away from the network).
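As an added illustration of the failed-login monitoring mentioned above (this is example code, not something from the article or from any particular product), the Python script below parses constructed OpenSSH-style auth log lines and raises an alert when one source address accumulates a burst of failed logins within a short window. The sample lines, the five-failures-per-minute threshold and the log format are all assumptions chosen for the example; a real deployment would read the host's actual auth log and tune the threshold to its normal traffic.

```python
"""Flag bursts of failed logins per source address in auth log lines.

Added illustration: the log lines below are constructed samples in an
OpenSSH-like format, and the threshold/window are assumed values, not
figures from the article.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not captured from a real system).
SAMPLE_LOG = """\
Mar  3 09:14:01 pay-srv sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Mar  3 09:14:03 pay-srv sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 50114 ssh2
Mar  3 09:14:05 pay-srv sshd[2205]: Failed password for root from 203.0.113.7 port 50116 ssh2
Mar  3 09:14:06 pay-srv sshd[2207]: Failed password for root from 203.0.113.7 port 50118 ssh2
Mar  3 09:14:08 pay-srv sshd[2209]: Failed password for treasury from 203.0.113.7 port 50120 ssh2
Mar  3 09:20:15 pay-srv sshd[2302]: Failed password for treasury from 198.51.100.4 port 41000 ssh2
Mar  3 09:20:40 pay-srv sshd[2305]: Accepted password for treasury from 198.51.100.4 port 41002 ssh2
"""

# Matches only failed-password lines; "invalid user" is optional because sshd
# phrases unknown accounts differently from known ones.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)


def parse_failures(text, year=2021):
    """Return (timestamp, user, source) for every failed-login line in `text`."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so one is supplied (assumed 2021 here).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["src"]))
    return events


def find_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Sliding window per source: alert when `threshold` failures fall inside `window`."""
    by_src = defaultdict(list)
    for ts, user, src in sorted(events):
        by_src[src].append((ts, user))

    alerts = []
    for src, items in by_src.items():
        start = 0
        for end in range(len(items)):
            # Shrink the window from the left until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "source": src,
                    "failures": end - start + 1,
                    "users": sorted({u for _, u in items[start:end + 1]}),
                    "first": items[start][0],
                    "last": items[end][0],
                })
                break  # one alert per source is enough to trigger triage
    return alerts


if __name__ == "__main__":
    for alert in find_bursts(parse_failures(SAMPLE_LOG)):
        print(f"ALERT {alert['source']}: {alert['failures']} failed logins "
              f"between {alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S} "
              f"against accounts {', '.join(alert['users'])}")
```

On the sample data the script reports one burst from 203.0.113.7 (five failures in seven seconds, spread over three account names, which is the pattern of a password-guessing attempt rather than a user mistyping) and stays silent about 198.51.100.4, which fails once and then logs in successfully. The alert is the point at which the "immediate action" the article mentions should start: blocking the source, checking whether any of the targeted accounts later succeeded, and reviewing whether they have 2FA.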
The biggest pitfall remains not installing patches and updates on time, leaving vulnerabilities in your software. Following up on CVEs (Common Vulnerabilities and Exposures), and especially those with a high severity, could save a lot of companies a lot of grief.
Another common problem is shadow IT: software on your network that employees have unofficially purchased and installed. This tends not to be updated and so becomes vulnerable over time. Which is why we advise limiting user rights so that employees cannot install software themselves, whether plug-ins or software requiring a licence. It’s also smart to keep an eye out for people using cloud services, especially where this involves uploading confidential information to file-sharing, translation or presentation services.
Employees still Target #1
The vast majority of cyberattacks still start with a phishing mail. An employee clicks on a link or opens an attachment and whoosh! — login details are stolen or malware installed. Technical measures can prevent most phishing mails reaching employee inboxes, but there’s always a chance one will slip the net. So training your people in recognising and reporting suspicious mails, attacks via social media and phone scams is vital. Alert employees are your human firewall.
Implementing secure procedures can also prevent a digital break-in. It’s important that nobody deviates from procedures, and especially those working in cash management or accounts payable. Cybercriminals will try, for example, to take over or successfully spoof an email account, and then send invoices with a different IBAN. Which is why any change to the payment details on an invoice should always be verified with the supplier or vendor, ideally by phone and no matter how small the amount, in order to avoid paying the wrong party.
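The control described above can be made mechanical so that a changed IBAN is never paid without someone noticing. The Python example below is added here as an illustration and is not the article's own procedure: it keeps a (constructed) vendor master record, validates each incoming IBAN with the ISO 13616 mod-97 checksum, and puts any invoice whose IBAN is malformed, unknown or different from the record on hold for out-of-band verification, regardless of the amount. The vendor IDs, names and invoices are constructed; the IBANs are the publicly documented example values for GB, DE and NL, not real accounts.

```python
"""Hold invoices whose bank details differ from the vendor master record.

Added illustration: vendor records and invoices are constructed, the IBANs
are the standard published example values, and the hold/pay policy is an
assumption, not the article's own procedure.
"""
import re


def normalise(iban):
    """Strip spaces and upper-case, so formatting differences never hide a change."""
    return re.sub(r"\s+", "", iban).upper()


def iban_is_valid(iban):
    """ISO 13616 check: move the first four characters to the end, map letters
    A..Z to 10..35, and the resulting integer must leave remainder 1 mod 97."""
    s = normalise(iban)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    rearranged = s[4:] + s[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


# Constructed vendor master data: the IBAN on record for each supplier.
VENDOR_MASTER = {
    "V-1001": {"name": "Westfield Supplies", "iban": "GB82WEST12345698765432"},
    "V-1002": {"name": "Nordbank Logistik", "iban": "DE89370400440532013000"},
}


def check_invoice(invoice, master=VENDOR_MASTER):
    """Return (decision, reason). The amount is deliberately not consulted:
    a changed IBAN is held for phone verification however small the invoice."""
    vendor = master.get(invoice["vendor_id"])
    if vendor is None:
        return ("HOLD", "unknown vendor id; confirm with a known contact before paying")
    iban = normalise(invoice["iban"])
    if not iban_is_valid(iban):
        return ("HOLD", "IBAN fails checksum; likely a typo or tampering")
    if iban != vendor["iban"]:
        return ("HOLD", f"IBAN differs from vendor master ({vendor['iban']}); "
                        "confirm by phone with the supplier before paying")
    return ("PAY", "bank details match vendor master")


# Constructed invoices exercising each path.
SAMPLE_INVOICES = [
    {"vendor_id": "V-1001", "iban": "GB82 WEST 1234 5698 7654 32", "amount": 120.00},
    {"vendor_id": "V-1001", "iban": "NL91 ABNA 0417 1643 00", "amount": 12.50},
    {"vendor_id": "V-1002", "iban": "DE88 3704 0044 0532 0130 00", "amount": 99.00},
    {"vendor_id": "V-9999", "iban": "GB82 WEST 1234 5698 7654 32", "amount": 1.00},
]

if __name__ == "__main__":
    for inv in SAMPLE_INVOICES:
        decision, reason = check_invoice(inv)
        print(f"{inv['vendor_id']} {inv['amount']:>8.2f}  {decision:4}  {reason}")
```

The second sample invoice is the scenario the article warns about: a known supplier, a small amount, and a perfectly valid IBAN that simply is not the one on record. A checksum alone would pass it; only the comparison against the master record catches it, which is why the phone call to the supplier must be triggered by "different", not by "invalid".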
Password problems
Everybody knows passwords, PIN codes and other user credentials must be kept secret. The challenge is to use a unique and strong password for each account. With everyone nowadays needing dozens of work and private passwords, reusing passwords is unfortunately very common. The many data breaches that have occurred over the years mean that cybercriminals now have access to large databases of email address and password combinations that they can use to hack into your cash management systems. Introducing two-factor authentication (2FA) is therefore a must for accessing critical systems; and providing employees with a password vault in which to safely store unique, strong passwords is also a smart idea.
The bottom line? The cybercriminals are working away out there 24/7 at breaking into your systems. So you need to be working just as hard and smartly to keep them out.
Preventive measures
An at-a-glance overview of our tips for protecting your company against cybercrime:
1. Scan your system or network regularly for vulnerabilities
There are several scanners on the market that identify and report vulnerabilities, as well as various services that send mails about new vulnerabilities found in popular software (e.g. from Microsoft or Oracle).
2. Act if vulnerabilities are found
Ensure everyone knows what they must do if they find or suspect vulnerabilities in your network.
3. Patches & updates
Keep all software (including operating system, antivirus, firewall and browser software) up-to-date. Install security updates as soon as possible.
4. Backups
Set up a daily backup procedure and disconnect your backup from your network.
5. Awareness
Train employees to recognise suspicious mails, and never to click on suspicious attachments or links.
6. Create a Cyber Response Plan
It should address the possibility of data loss, data fraud and the unavailability of data or systems. Develop scenarios for how to deal with, for example, lost customer data or order histories. Train people accordingly. Evaluate your incident response.