You’re proud of your company and your employees. Employees represent your mission and values—they make you who you are as a company. But the human element can be what makes businesses—especially finance companies—the most vulnerable. Without adequate training on how to identify security risks or cyberattacks, even top performers can unwittingly open the door to cybercriminals. The evolution of technology has increased the sophistication of attacks. According to an FBI announcement, between June 2016 and July 2019, business email compromise has cost businesses and individuals $26 billion in losses. The bad guys are only getting better.
Criminals use deceptive and malicious tactics to target their victims. In the equipment leasing and finance industry, the end user may conspire with a vendor who is falsifying invoices, or may be dishonest about the location (or the existence) of the equipment they are attempting to finance. Since these are well-known risks, we’ve been able to mitigate them through development of stronger controls with additional steps to our credit, documentation and funding procedures. It may lengthen the process time, but these are accepted best practices. As we see the increase in risk, we have to accept that extra caution and process time are a part of life. It’s like spending more time at the airport for security screening—we sure didn’t like it at first, but now it’s an accepted part of travel.
Some things to watch for:
Social Engineering is a method that deceives someone into handing over sensitive information. Bad guys collect personal information about an individual or company from social media sites and use that information to manipulate the target into trusting the perpetrator and complying with the request. The cybercriminals might reach out to you about a recent trip or a job change that may not seem suspicious. Be cautious regarding unsolicited phone calls or emails that request sensitive information.Phishing is the attempt to obtain sensitive information through email, such as passwords or bank account details, from someone posing as a trustworthy organization. These attacks often look legitimate. We all have heard a story of someone posing as the CEO and emailing an employee to wire money to a certain account, only to find out that it was not the CEO—and the money is gone. Employees can also endanger their company by clicking on a malicious email link that installs malware or ransomware on the company’s network.
Who we have been historically, and who we’ll continue to be, is an industry with honest people who are trying to do the right things for our clients. However, given the nature of our business, there is a lot of opportunity for bad stuff to happen. Cybercrime is here to stay, and there is no magic potion to protect your company. It’s more important than ever to be diligent and proactive in investigating and understanding these risks in this ever-changing digital world. Arming your employees with the right tools—awareness, education and a healthy suspicion—to keep your business safe is the only way forward.
Share:
Article Tags:
EL&F magazine article
RISK MANAGEMENT
Executive Perspective
Column
2020