Protect Your Business Against Fraud and Cyber Attacks

“When is the last time you’ve experienced fraud?”

This is the first question we ask when meeting with business leaders in the field. In response, about 70% will point to an event that happened within the past 1-2 years. This isn’t just our observation – in fact, 73% of surveyed corporates reported that fraud has increased within the past year. As the rate of fraud steadily increases and the nature of cyber-attacks become more complex, businesses’ best option is to educate employees about best practices to outpace fraudsters.

As treasury management professionals, our top priority is to educate our clients about the fraud problem and provide security solutions. In this article, we will review the industry’s best practices for fraud prevention and describe some of the tools we offer to ensure your business is safe.

Best Practices for Fraud Prevention

Fraud prevention is not a spectator sport. To protect your business, you must take a proactive role in ensuring your internal protocols comply with industry standards. This means creating policies, training employees, and staying up-to-date on the latest trends.

We’ve outlined a few of the tried-and-true security practices that we recommend you implement ASAP:

Email Security

Individual employees’ email addresses are highly targeted pathways that fraudsters use to gather information and infiltrate a business’s proprietary data. The FBI cites business email compromise scams (BEC) as a top concern in their annual Internet Crime Report. According to the latest report (published April 2019), the FBI received 20,373 BEC complaints for a total of $1.2 billion in losses.

Depending on company revenue and the special insurance that a victimized business may have, the result of BEC is - at minimum - reputational damage. At its worst, the result may be significant fines, total loss of business, and even jail time when clients’ and investors’ funds are part of the loss.

These practices can help mitigate your risk from many common BEC scams:

Employee Training

This means the ability to spot suspicious emails. Some telltale signs include:

• Spelling, grammar, or punctuation errors
• Urgent requests for a financial transaction
• Requests to keep a transaction secret
• Funding instructions that include a bank account that your company has never used before
• Sudden changes to an established process (for example: instructing staff to send information to a personal @gmail.com address instead of the company email account)

If an employee detects a suspicious email, they should delete it immediately, report it to your company’s IT team, and - in many cases – report the matter to the FBI’s Cyber Task Force. Even if the email contains legitimate content, both email parties (receiver and sender) should communicate according to secure communication standards.

Just as all employees should delete suspicious emails, you should also delete unsolicited emails from unknown parties. Never open spam email, click links, or open attachments from unknown senders. If your company email account does not have a spam filter, be sure to add it ASAP.

Forward Emails

When responding to business emails, it’s a good practice to forward the email to reply instead of using the reply button. This will ensure that your emails are sent to the correct recipient. Hackers often use small discrepancies in email addresses to fool staff members into thinking a malicious email is legitimate. (For example – can you spot the difference between [email protected] and [email protected]?)

To protect yourself, forward each business email and manually type in the correct email address to respond.

Manual URLs

Just as you should type manual email addresses, you and your team should always manually type URLs. A common internet fraud tactic is “spoofing” legitimate websites with a similar URL and design. By typing in the URL manually, you will ensure that you are conducting business at the correct website.

Out-of-Band Authentication

Out-of-band authentication is a security practice that protects wire transfers from hackers. Rather than initiating and verifying the transfer within one, single communication channel, out-of-band authentication requires two separate channels to complete the transfer. This extra step significantly decreases the likelihood of malicious activity. To hijack a wire transfer, hackers would need to disrupt two separate and unconnected modes of communication.

For example, if a vendor requests a wire transfer via email, it is a good policy to verify the transaction over the phone or in-person. Doing so will confirm your recipient’s identity and ensure the transaction is valid.

Dual Approval

Dual approval guards businesses against fraud, both inside and outside company walls. Its name describes its functionality – instead of one person originating and confirming outgoing transactions, dual approval requires two authorized users to minimize error.

Regardless of the size of your business, dual approval is a necessary practice. Even if you trust your team completely, anyone can make an unintentional mistake. Dual approval ensures each outgoing transaction amount and recipient is correct and authorized.

How Axos Bank Protects Your Business

At Axos Bank, our primary obligation is to do everything within our power to educate and protect clients from becoming cyber fraud victims. We demonstrate this commitment by putting bank-level security right into our clients’ office. Here are some of our tools:

Direct Link Security

Axos Direct Link Security is an impenetrable hardware device that transforms your desktop into a private, virtual banking branch.

When you connect to Direct Link Security, the device isolates its encrypted and browser-based banking environment from any other non-banking activities – including Microsoft Excel or social media sites. This ensures your banking activity is not only safe, but also protected from platforms where nearly all forms of fraudulent activities begin.

When logging into Direct Link Security, it also uses a combination of traditional passwords and biometric authentication to further confirm your identity and verify that your login attempt is authorized. Because our biometric-based security protocols are established in accordance with the FBI’s Cyber Task Force recommendation, Axos Direct Link Security is the safest way to bank online.

By leveraging bank-level security, it ensures your financial activity receives the highest level of protection – without extensive (and expensive) IT infrastructure.

Direct Link Online

Direct Link Online is a downloadable browser (similar to Chrome or Firefox) that protects your banking activity from malicious attacks. Once activated, the browser creates a bank-hosted conduit between your business and Axos. In addition to keyboard encryption, Direct Link Online will automatically terminate the session if any preexisting malware is living on the user’s system. This ensures your session is private and safe.

Positive Pay

Positive Pay protects businesses by stopping fraud before money leaves the account. When a business discovers fraud, it typically does so after the fraudulent, stolen or tampered with check has cleared at the receiving bank. This is a problem because, once money has left a business, it’s difficult to recover the funds. With Positive Pay, issued checks are stored online for decision to pay or reject.

Here’s how it works:

• When you – or an authorized team member – originate payments, you also upload a corresponding file into our system. This file contains information such as payees, payment amounts, and account numbers.
• When a payee presents a request for payment, we will compare their information to our records.
• If there is a discrepancy in data, we will flag the payment and contact you for authorization.

Education