Strengthen fraud protection and consider cyber insurance

by Amber Frantz & Kaarin Long
For The Review

Data breaches and other cybercrimes affect small and medium-sized businesses as well as the large companies so often featured in the news.

In our experience as treasury management advisors, which includes helping businesses ensure adequate and appropriate fraud controls, we’ve seen some scary fraud attempts. We suggest that all business owners ask an experienced banker about his or her exposure to fraud cases over the year. We hope you’ll be scared, too, because by understanding the all-too-real risks to your business, you can help prevent fraud.

Prevention is absolutely the most important thing to focus on. Consider this conclusion from Certified Fraud Examiners in a 2016 report issued by the Association of Certified Fraud Examiners (ACFE): “Small organizations had a significantly lower implementation rate of anti-fraud controls than large organizations. This gap in fraud prevention and detection coverage leaves small organizations extremely susceptible to frauds that can cause significant damage to their limited resources.”

Our message is always to work toward strengthening and maintaining your approach to fraud prevention.

Then, secondarily, you may also wish to contact an insurance professional to discuss whether a cyber insurance policy may be a fit for your business. We have personally seen a few examples where such policies recouped their costs after instances of fraud.

From our perspective in treasury management, we’d offer several questions you may like to discuss with an insurance professional if you are exploring a cyber insurance policy for your business:

• Does the insurance company offer one or more types of cyber insurance policies or is the coverage simply an extension to an existing policy? In most cases, a standalone policy is best and more comprehensive. Also find out if the policy is customizable to an organization.

• What are the deductibles? Be sure to compare deductibles closely among insurers, just like you do with health, vehicle and facility policies.

• How do coverage and limits apply to both first and third parties? For example, does the policy cover third-party service providers? On that note, find out if your service providers have cyber insurance and how it affects your agreement.

• Does the policy cover any attack to which an organization falls victim, or only targeted attacks against that organization in particular?

• Does the policy cover non-malicious actions taken by an employee? This is part of the errors and omissions (E&O) coverage that applies to cyber insurance as well.

• Does the policy cover social engineering as well as network attacks? Social engineering plays a role in all kinds of attacks, including phishing, spear phishing and advanced persistent threats (APTs).

• Because APTs take place over time, which can be months to years, does the policy include time frames within which coverage applies?

We’d like to suggest that while you keep these important questions in mind you also make sure to pay equal or more attention to establishing and maintaining anti-fraud controls to reduce your organization’s vulnerability.

In particular, you need to minimize risks created by malware, as well as “phishing,” in which hackers attempt to access passwords and other sensitive information that can give them access to your electronic systems. To reduce these vulnerabilities:

• Dedicate separate computers for internet browsing and online banking access.

• On computers used for banking, block plugins and pop-ups.

• Keep your software up to date.

• Change employee passwords frequently.

• Use Positive Pay (an electronic system for comparing cleared items with a file of known issues) and ACH debit filters and blocks to identify suspicious transactions.

• Reconcile your accounts daily online.

Finally, be sure to talk to your bankers and insurance professionals about their experiences with fraud cases. As we said above, we hope you’ll be a bit frightened by what you hear—because electronic fraud is all too common and damaging.

Amber Frantz (afrantz@wisconsinbankandtrust.com) and Kaarin Long (klong@wisconsinbankandtrust.com) are treasury management advisors for Wisconsin Bank & Trust. Wisconsin Bank & Trust, Member FDIC


Copyright 2009-2018 The Plymouth Review, All Rights Reserved
