Cyber Security: What Your Finance Team Needs to Know


Cyber security is a prime consideration for any business. Your finance staff are the gatekeepers of your company’s money, so they are naturally a prime target for hackers and extortionists.

Here’s what your finance team needs to know about cyber security, its potential impacts on the business, and how you can help them to prevent security attacks.

Small Companies are Not Immune

Many people believe that malicious attacks only happen to enterprise-scale companies or large public bodies, like the NHS. And it’s true that these institutions are valuable to cybercriminals, as they can net them extraordinary sums. A notable recent case saw one US insurance company reportedly pay out $40m this year to release itself from a ransomware attack.

But nearly half (47%) of all small businesses suffered at least one cyber security attack in the past year. Most are largely unprepared to fend off cyber incidents and are left to deal with the impacts. These can be devastating. One report states that 60% of small businesses close within six months of a data breach or cyberattack.

Finance Employees are Perfect Targets

If you were to question your finance team about their personal risk of attack, they would likely reply that they would not be targeted. But it is precisely this mindset that makes them excellent targets for exploitation by cybercriminals.

A hacker will actively prey on those who are not vigilant enough, so your finance team could be in danger. The risks include ransomware attacks and phishing attempts and, if your corporate IT has any security vulnerabilities, malware and viruses too.

Some of the most sinister threats, though, come via social engineering attacks. This is where the attacker chooses a candidate victim company, then tracks its digital footprint to find evidence and information about its activities, its employees and its partners. They then use this information to manipulate individuals into parting with login credentials and sensitive data, via targeted phishing attacks or by impersonating someone senior in the business. This is particularly effective with new hires, who don’t yet know everyone or who is responsible for what.

One form of social engineering – known as vishing, for voice phishing – is where a cybercriminal calls one of your finance team, perhaps chasing payment of an invoice. The standard response to a missing invoice like this would be to request that it be resent. Once provided with an email address, all the fraudster has to do is send an email with an attachment, often waiting for it to be opened live during the call.

Malware in the document then grants the hacker access to the company’s network. One way to avoid this is to insist on invoices being uploaded directly to cloud ERP software.

Another form of vishing that can catch out an unaware team member is where the cybercriminal claims to be calling from a supplier to the company, asking for the supplier’s bank account details to be changed. The scammer simply directs that any future payments be made to a new account.

Your finance staff have access to all these important details, as well as bank account logins and credentials for other payment systems. So, it’s crucial that you provide them with adequate advice and training to mitigate such cyber security threats.

How to Avert Cybercrime

To help prevent your company becoming a victim of cybercrime attacks, you need to ensure high levels of awareness amongst those in your finance team. With frequent training, you can maintain levels of competence and ensure that complacency doesn’t creep in. It also keeps staff vigilant.

The basics include training your staff not to disclose sensitive company data, to use strong passwords and to make certain they click only on legitimate links.

But behind that, you should also employ robust systems and processes. By defining who can change what within an ERP system, for example, you protect your business and uphold its security. Automating processes helps too. If your staff are manually comparing documents, forwarding invoices by email, or making unilateral decisions without sufficient approval, then there is always potential for mistakes. And it is here that a phishing or vishing attempt could prove successful.

The right software can help too. Cloud-based systems are always kept up to date, with security patches and updates applied so that risks are minimised. With your data held securely in the cloud, there is less risk of your data being compromised by an external hack. Your information is stored off premises and backed up regularly by your provider.

The architecture behind cloud-based systems is inherently less prone to vulnerability, so more difficult to attack anyway. Additionally, even if your own systems become encrypted due to ransomware, your cloud versions will be unaffected and fully restorable.


Cloud ERP software NetSuite can protect your company from cybercrime. With twenty-four-hour monitoring tools and controls, managed by a dedicated security team, the software assures the strongest levels of security for customers. To protect your data with NetSuite, contact us for a demonstration or a free consultation.


More Information

Stephen Adamson



(+44) 115 758 8888