Commercial Insights

Safeguard your financial operations

Commonsense moves any business can take.

Fraudsters are on the hunt. And they get more savvy by the day.

Whether through your email, phones, or even a nearby mailbox, it’s certain that someone is trying to gain access to your finances or identity.

This is an everyday reality for any business, regardless of size. Yet while no business is immune from fraudsters, that doesn’t mean you’re powerless.

“The best way to thwart fraud? Having the systems and controls in place before you face an attack, not after,” says Jeff Taylor, Regions head of Commercial Fraud Forensics. “Otherwise, you have to face recovery and it’s not often pretty.”

Fraud can not only cripple your finances, it also has potential to drive you out of business entirely. However, as Taylor points out, the proverbial ounce of prevention is worth a pound of cure.

So, what steps can a business, any business, take? Here are measures your business can and should take, many of which are easy and straightforward to implement.

First, guard your house.

As Taylor points out, “Fraudsters don’t want to work that hard. They are instead on the lookout for the easy score.” That means when you put the right precautions in place, most move on in search of other, more accessible targets.

With that in mind, Taylor recommends these steps you and your team can take right away.

• Conduct a thorough IT vulnerability assessment. Find any holes in your security and plug them right away.
• With your IT resources, create effective firewall protocols to protect your systems and confidential information.
• Regularly patch and update security systems and often back up all critical data offline.
• If you receive a software update, implement it throughout your company right away. Updates almost always are in response to newly identified security threats.
• Require strong passwords and multi-factor authentication.
• Leverage fraud prevention tools for business payments, including Positive Pay, ACH Positive Pay, and account reconcilement

Train your team members

You’re not in this alone. Your team members have an important role to play in stopping fraud in its tracks. That makes a mindset of fraud awareness throughout the organization crucial. Because the more everyone is on their toes, the more secure your data can be.

• Require every team member understand the stakes—as well as what to recognize as a potential threat. As one example, Regions offers free and valuable resources to teach these critical lessons: fraud prevention for treasury management, fraud prevention for consumers and businesses, and latest news on fraud scams.
• Remind team members frequently of potential dangers and precautions to take, including not clicking on links or attachments from unknown sources.
• Implement regular phishing tests for everyone in your organization to instill alertness.

Create a fraud and risk governance plan

Fraud prevention isn’t an event. Instead, it’s an ongoing effort that requires awareness of evolving cyberthreats and ensuring strategies are in place to ensure vigilance and the greatest effectiveness. Here’s how to create greater security for your organization for the long term.

• Identify and document risk tolerance. Have clearcut guidelines, especially for those in your financial operations.
• Create a robust vendor management program, including assessing and managing risks associated with vendors' compliance, data security, and other relevant areas.
• Document a detailed fraud response plan. The faster you act in the event of fraud, the more you limit damage.
• Review cybersecurity insurance coverage. That way you’re protected from financial losses from cyberattacks and other cyber-related incidents including legal fees, data recovery costs, and potential reputational damage.
• Divide financial responsibilities. Sometimes, fraud comes from within. Instituting Dual Control -- when two people in the business approve all transactions —can sharply reduce the odds of embezzlement. This includes accounting controls such as keeping Accounts Payable and Accounts Receivable separate. Further, ask an outside accountant to conduct a periodic audit of your books.
• Review and establish internal controls. Information is power. That means instituting degrees of access, as well as a validation procedure for changes in payments.
• Take the time to confirm. If encountering a request that doesn’t seem right, whether a change in payment information or a request for payment via e-mail, use STOP-CALL-CONFIRM to validate the request. A extra few minutes to verify the request could save you thousands of dollars.
• Keep plans, coverage, and strategies updated. As your business grows and fraud threats grow more sophisticated, consider your efforts as ongoing rather than a one-time project.

In short, the better you prepare for fraud today, the better you’ll protect yourself and your business when potential fraud threats are at your door.