Instances of Internet fraud and other data related crimes have been increasing dramatically and becoming progressively sophisticated. Cyber-attacks on organisations via security loopholes and un-patched servers have increased over 80 percent in the last two years as intruders look for industry or identity data theft.
The good news is that you can be proactive and protect yourselves from these types of illegal activities. Your best defense is first to understand the methods being used by cyber criminals. Understanding not only how they access your critical data but also how the data is used can help you identify your most vulnerable assets. Next is to understand the technologies and methodologies you can implement to protect yourself and your data. Real-time intrusion monitoring is one critical element. Having access to certified security experts who can review threatening situations and assess your threat level is paramount.
We encourage you to review a recent US government advisory document which outlines how cyber criminals operate and the basic recommendations you can take to reduce the likelihood of fraud in your organization. Here is an excerpt from the article that outlines tips to protect your organisation, detect fraud and respond to suspicious activity:
Protect
- Educate everyone on types and sources of fraud
- Enhance security within the network systems to protect against fraud
- Enhance the security around banking processes and controls
- Understand responsibilities and liabilities
Detect
- Monitor and reconcile accounts daily
- Discuss options offered by your financial institution
- Note any changes in performance
- Pay attention to warnings
- Be on alert of rogue e-mails
- Run regular system scans for viruses and malware
Respond
- Develop a response system
- Ensure employees know who key contacts are
- Possess key contact information for your financial institution
- Maintain written chronology of events
- File police report
- Have a contingency plan for compromised systems
- Consider other data/systems that may be at risk
- Report exposure to PCI/DSS
If you do not have the appropriate internal resources to assist with fraud protection, detection and responses, be sure to find a provider that understands the risks associated with cyber crime. It’s also important to work with someone who understands your industry and business processes.
This article was written by Aaron Donaldson, RSM US, and first published here.