Recent data breaches at large companies, such as Target, Home Depot, and J.P. Morgan Chase, are a reminder of how vulnerable data and systems can be to cyber security threats, and the costs associated with these breaches.Businesses are especially vulnerable to cyber security breaches when there are employees accessing data via computer programs, email, websites, and databases both inside and outside the company. This creates several opportunities for hackers to penetrate your network.A prime target for hackers using wire fraud to obtain data is business bank accounts, as they tend to have large cash balances. Although banks have precautions to prevent these hacks, one click on a link in a fraudulent email or on a bad website can introduce malicious software (malware) into your company’s network. And the next time an online bank wire transfer is initiated by an employee, the malware could obtain account information and passwords and those credentials to redirect funds to unauthorized parties.Compounding the issue, your ability to recoup losses in this scenario may be limited. Under the Uniform Commercial Code, which governs funds transfers and has been adopted by most states, your bank could very well not be at fault if commercially reasonable security measures were in place and agreed to by your company. You could potentially be liable for the entire financial loss.
Check out these best practices that will limit your risk of wire fraud and the resulting financial loss:
- Use a dedicated computer that is only configured to access your company’s bank accounts. This computer should not be used for anything else. Experts also suggest avoiding the use of Microsoft Windows as the operating system for this computer since it is especially vulnerable to malware.
- Utilize all of the cyber security options available at your financial institution, including things like ACH Positive Pay and security tokens. If you are not familiar with what your bank offers or what you are currently using, ask.
- Require two people to sign off on every wire transaction.
- Review bank account activity daily, particularly ACH and debit transactions.
These best practices, alongside properly trained employees, would complement your existing internal controls and IT policies and procedures. You can never be too careful when it comes to cyber security and protecting your financial assets.
Written by Michael A. Coakley, Director of Audit and Accounting at Kreischer Miller and can be reached at firstname.lastname@example.org or 215.441.4600.