NEW YORK, Dec. 10, 2012 /PRNewswire/ -- "Just like legitimate businesses, fraudsters are planning ahead for 2013," says James Gifas, head of RBS Citizens Treasury Solutions.
"During and just after the holidays is when many fraud schemes pick up, as more people feel stretched with greater year-end expenses," he says. "And as we look ahead into 2013, companies may have blind spots they may not be considering when trying to protect themselves, particularly when it comes to employee fraud."
RBS Citizens Treasury Solutions experts are currently conducting a fraud education campaign for commercial customers to make sure clients are aware of the areas of vulnerability at their firms, including new online threats that will pose the greatest risk in 2013. The bank has developed a "fraud kit" for companies to supplement a series of seminars that are running in 11 cities through January. The kit includes a list of best practices for deterring internal and external fraud.
Mr. Gifas and his team have identified ten common security gaps that companies need to address to protect themselves when planning for 2013:10 Fraud Blind Spots
- Are you using weak passwords? "Hackers have more processing power to crack passwords than ever before, and can relatively quickly test all words in the dictionary to see if the right one comes up. Use instead a more complicated combination of letters, numbers, and symbols that aren't easily searchable."
- Do employees keep passwords "hidden" in their top desk drawer? "The strongest password in the world won't protect your account if a perpetrator can read it from a slip of paper in your office. Keep passwords behind lock and key, just as you would cash."
- Are you training your employees against social engineering? "Many fraudsters find it easier to trick a person into revealing account credentials than to hack into a computer. Training your employees to not provide any user name or password information over the phone or email – even if the source seems legitimate and unless and until the source is independently verified – is a vital measure of protection.
- Do you lock your computer when you step away from your desk? "As we all know, a minute away from our desk can sometimes turn into much longer, as meetings pop up and we get stuck taking care of a crisis. Again, just as you wouldn't leave cash lying around on your desk, always lock your computer as well. Also, software such as Trusteer Rapport provides additional high-tech protection against infiltrators who try to break into your computer electronically."
- How well do you know your vendors and business partners? "While you may somewhat confidently share wire instructions with long-time vendors or business partners, it is wise to conduct some due diligence around new vendors or other payees. Using the Positive Pay services for checks and ACH and Payee Positive Pay for check disbursement accounts adds in an extra layer of protection."
- Do you conduct surprise audits? "The American Bankers Association reports that 60% of all fraud incidents within a business involve employees. Surprise audits are a good way to detect and deter occupational fraud schemes so that funds can't be manipulated ahead of the audit."
- Does your company enforce vacation policies? "Similarly, making sure that there are periods of time in which employees are away from their desks and have their records available for oversight has been supported by financial regulators like the SEC for years, but all companies can benefit from this policy. A one- or two-week window can provide the additional transparency needed to expose internal fraud."
- Are dual approvals required for your payments? "Implementing banking processes that require dual approvals for activities such as payments and wire transfers is an easy way to minimize certain fraud risks. Companies can also require additional approvals before a new vendor is added to a payment system, as well as use debit blocks and alerts to reduce the risk of unauthorized payments."
- Is there open access to company checkbooks? "In 2012, 85% of organizations experienced actual or attempted check fraud, according to the Association for Financial Professionals' latest fraud survey. Having company checkbooks out in the open leaves your bank account information visible and increases the risk of check theft. Always lock up any checkbooks."
- Does your company have on-site collections? "Outsourcing collections mitigates the risks that emerge when receivables checks are lying around the office."