The opinions expressed by Entrepreneur members are their own.
Here is the sobering truth: 95% of cyberattacks can be attributed to human error. The more employees you have, the higher your risk of becoming a victim of cybercrime. We all imagine legions of hackers trying to break through our firewalls, and yes, sometimes some succeed. But far more often, unsuspecting employees inadvertently hand criminals access to corporate systems and data, or are manipulated into taking questionable (or even illegal) actions on the attacker's behalf.
Even worse are the deliberate frauds committed by the person sitting between the keyboard and the chair. Some employees try to cheat the system by altering amounts, bank account details or other data to improve their own finances. External parties do it too: a supplier or partner may send the company fake or altered documents, such as supplier invoices carrying fraudulent bank account details or incorrect amounts.
None of these cases is an indictment of company executives, security practices or judgment. They simply show that technology alone cannot stop every cyberattack. The key to maximizing protection and minimizing exposure is to combine technology with the human element.
1. Secure data starts and ends with people
Many cyberattacks succeed because of simple but preventable human error, or because someone responds to an attempted fraud the wrong way. For example, an employee may reveal a username and password after clicking a link in a phishing email, open an email attachment that silently installs ransomware or other equally destructive malware on the corporate network, or simply choose easy-to-guess passwords. These are just a few of the openings that cyber thieves exploit.
To minimize the risks associated with human error, consider the following measures.
- Employee awareness and training: Provide periodic training on cybersecurity best practices, recognizing phishing emails, resisting social engineering, and the importance of secure data handling. In 2022, about 10% of attempted cyberattacks were stopped because employees reported them, but employees can only report such attempts if they recognize them.
- Build a security culture: Make sure everyone, in their own role, actively protects company assets: encourage open communication about security issues, recognize employees who demonstrate good security practices, and include security in performance evaluations.
- Apply stricter access control: Access control restricts who can view or change sensitive company data and systems. Applying least-privilege access (each account gets only the permissions its job requires) and educating employees about the risks of sharing accounts limits unauthorized access and data leakage.
- Use password managers: Strong passwords are hard to crack but also hard to remember. A password manager generates and stores long, unique passwords so that users neither have to memorize them nor "write them down".
- Enable multi-factor authentication (MFA): MFA adds a layer of protection by requiring a second verification method, such as a fingerprint or a one-time code, so that a stolen password alone does not get an attacker in.
- Implement fraud detection for incoming documents: Screen documents such as invoices at the moment they are received, before they enter processing, so that fakes and altered details are caught rather than paid.
2. Reduce exposure to cyberattacks and fraud through technology and automation
Even though lack of awareness, training, recognition and process is the reason most cyberattacks succeed, you still need technological barriers to keep determined attackers out of your systems. Finance and accounting departments are prime targets for attackers and scammers, and Accounts Payable (AP) systems in particular, because an infiltrated AP system can be used to direct payments.
In fact, 74% of companies experience attempted or actual payment fraud. Accounts payable fraud abuses AP systems and their data and documents in ways such as:
- Creating fake supplier accounts and fake invoices for them.
- Changing payment amounts, bank details or dates on valid invoices.
- Counterfeiting checks.
- Making fraudulent reimbursement claims.
3. Keep the bad guys out
Of course, you will want your IT department to use technology to block unauthorized attempts to access your network and systems. Besides the venerable firewall, some reliable systems include:
- An intrusion detection and prevention system (IDPS) monitors network traffic for malicious activity or policy violations and can automatically block or report it.
- Artificial intelligence (AI) plays a growing role in cybersecurity, using machine learning to analyze large volumes of data, identify patterns, and predict potential threats. It can identify attack vectors and respond to threats at a volume and speed that human analysts cannot match.
- Data encryption ensures that only parties holding the correct decryption key can read a file's contents, protecting sensitive data at rest (stored on devices) and in transit (crossing the network).
4. Protection against fraud from the inside
Whether a cybercriminal gets past all these barriers or an unscrupulous employee attempts AP fraud, several kinds of automation can detect and stop the attempt before it succeeds.
- Automated monitoring of employee activity: This helps identify suspicious behavior and potential security risks. The software records user activity, analyzes logs for signs of unauthorized access, and regularly reviews user access rights. Of course, employees need to know that they are being monitored, and to what extent.
- End-to-end automation of the payment process on a single platform: This takes human error (and human hesitation) out of the equation except when an exception is raised. Encrypted receipt of electronic invoices from suppliers, automatic matching of invoices to purchase orders, and electronic payment, all without human intervention, are examples of how automation removes the opportunity (and temptation) to commit fraud through AP.
- Document-level change detection takes this protection one step further: This automated technology detects when an intruder, or an insider with access to the underlying systems, attempts to access, modify or delete sensitive documents without authorization, including orders, invoices and payment authorizations. These tools alert administrators and keep detailed audit trails of document activity, helping to detect and prevent AP fraud whether it comes from outside or inside.
- Detection of unusual data patterns: These alerts prompt AP staff to take a second look before an invoice is processed and paid. Using machine learning, automated systems compare incoming data with historical data and flag suspicious changes in bank details, supplier legal name and address, and unusual payment amounts.
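The invoice screening described here, covering the fraud patterns listed in section 2 (fake suppliers, changed bank details, altered amounts) and the incoming-document check from section 1, as an added example that is not code from the original article. The vendor master, purchase orders, payment history and invoices are constructed sample data, and the field names and thresholds (three times the historical median, a 2% purchase-order tolerance) are assumptions for illustration.

```python
"""Screen incoming supplier invoices against what AP already knows.

Added example, not code from the original article. The vendor master,
purchase orders, payment history and invoices below are constructed sample
data; the field names and thresholds are assumptions for illustration.
"""
from statistics import median

# Constructed vendor master: the supplier details AP has already verified.
VENDOR_MASTER = {
    "V-100": {"name": "Acme Supplies Ltd", "address": "1 Mill Rd, Leeds",
              "iban": "GB29NWBK60161331926819"},
}
# Constructed approved purchase orders.
PURCHASE_ORDERS = {
    "PO-7781": {"vendor_id": "V-100", "amount": 4200.00},
}
# Constructed payment history: amounts previously paid to each vendor.
PAYMENT_HISTORY = {
    "V-100": [3900.00, 4100.00, 4250.00, 4000.00, 4150.00],
}


def screen_invoice(invoice, vendor_master=VENDOR_MASTER,
                   purchase_orders=PURCHASE_ORDERS, history=PAYMENT_HISTORY,
                   amount_ratio=3.0, po_tolerance=0.02):
    """Return the reasons an invoice needs a human second look.

    An empty list means no rule fired and the invoice can flow straight
    through. Each rule corresponds to a fraud pattern from the article:
    fake supplier, changed bank details or legal name/address, an amount
    out of line with history, and no (or a mismatched) purchase order.
    """
    flags = []
    vendor = vendor_master.get(invoice["vendor_id"])
    if vendor is None:
        # Fake supplier account: nothing to compare against, stop here.
        return ["unknown vendor id %s" % invoice["vendor_id"]]

    # Redirect fraud changes the IBAN; identity fraud changes name/address.
    for field in ("iban", "name", "address"):
        if invoice.get(field) != vendor[field]:
            flags.append("%s differs from vendor master" % field)

    # Unusual amount: far above what this vendor has historically billed.
    past = history.get(invoice["vendor_id"], [])
    if past:
        typical = median(past)
        if invoice["amount"] > amount_ratio * typical:
            flags.append("amount %.2f exceeds %.0fx the historical median %.2f"
                         % (invoice["amount"], amount_ratio, typical))

    # Two-way match: an approved order from the same vendor, within tolerance.
    po = purchase_orders.get(invoice.get("po_number"))
    if po is None:
        flags.append("no matching purchase order")
    else:
        if po["vendor_id"] != invoice["vendor_id"]:
            flags.append("purchase order belongs to a different vendor")
        if abs(invoice["amount"] - po["amount"]) > po_tolerance * po["amount"]:
            flags.append("amount differs from purchase order by more than %d%%"
                         % round(po_tolerance * 100))
    return flags


# Constructed invoices: one clean, one with redirected bank details and an
# inflated amount, and one from a vendor that does not exist in the master.
CLEAN_INVOICE = {"vendor_id": "V-100", "name": "Acme Supplies Ltd",
                 "address": "1 Mill Rd, Leeds", "iban": "GB29NWBK60161331926819",
                 "po_number": "PO-7781", "amount": 4200.00}
REDIRECTED_INVOICE = dict(CLEAN_INVOICE, iban="GB94BARC10201530093459",
                          amount=18000.00)
FAKE_VENDOR_INVOICE = {"vendor_id": "V-999", "name": "Acme Supplies Ltd",
                       "iban": "GB94BARC10201530093459", "amount": 950.00}

if __name__ == "__main__":
    for label, inv in (("clean", CLEAN_INVOICE),
                       ("redirected", REDIRECTED_INVOICE),
                       ("fake vendor", FAKE_VENDOR_INVOICE)):
        print(label, "->", screen_invoice(inv) or "no flags")
```

The point of returning every fired rule rather than a single yes/no is that the AP clerk who gets the alert sees exactly which field changed; a bank-detail change on an otherwise normal invoice is the case most worth a phone call to the supplier on a number already on file.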
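Document-level change detection with an audit trail, as an added example that is not code from the original article: each approved document gets a keyed, hash-chained fingerprint, and a later audit reports both tampering with the log itself and live documents whose content no longer matches their last approval. The key, document layouts, identifiers and the insider scenario are constructed for illustration; in production the key would be held in a KMS or HSM rather than in source.

```python
"""Detect unauthorized changes to approved AP documents.

Added example, not code from the original article. It records a keyed,
hash-chained fingerprint of each document when it is approved and later
checks both the log and the live documents against it. The key, document
formats and names are assumptions for illustration.
"""
import hashlib
import hmac
import json

AUDIT_KEY = b"demo-only-audit-key"  # assumption: replace with a managed secret
GENESIS = "0" * 64  # chain anchor for the first entry


def fingerprint(doc):
    """Canonical SHA-256 of a document dict, so field order cannot hide edits."""
    return hashlib.sha256(json.dumps(doc, sort_keys=True).encode()).hexdigest()


def record_approval(log, doc_id, doc, actor, key=AUDIT_KEY):
    """Append an entry binding doc_id to its current content and the previous entry.

    The HMAC covers the previous entry's tag, so deleting or reordering
    entries breaks the chain, and an attacker without the key cannot re-seal it.
    """
    prev = log[-1]["tag"] if log else GENESIS
    digest = fingerprint(doc)
    tag = hmac.new(key, f"{prev}|{doc_id}|{actor}|{digest}".encode(),
                   hashlib.sha256).hexdigest()
    log.append({"doc_id": doc_id, "actor": actor, "digest": digest,
                "prev": prev, "tag": tag})
    return log


def audit(log, live_docs, key=AUDIT_KEY):
    """Return a list of problems: a broken chain, or live documents whose
    content no longer matches what was last approved."""
    problems = []
    prev = GENESIS
    last_approved = {}
    for i, e in enumerate(log):
        msg = f"{prev}|{e['doc_id']}|{e['actor']}|{e['digest']}".encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if e["prev"] != prev or not hmac.compare_digest(expected, e["tag"]):
            problems.append(f"log entry {i} ({e['doc_id']}) altered or out of order")
        prev = e["tag"]
        last_approved[e["doc_id"]] = e["digest"]
    for doc_id, doc in live_docs.items():
        if doc_id not in last_approved:
            problems.append(f"{doc_id} has no approval on record")
        elif fingerprint(doc) != last_approved[doc_id]:
            problems.append(f"{doc_id} modified since last approval")
    return problems


def demo():
    """Constructed scenario: an invoice is approved, then an insider with
    database access swaps the IBAN without going through approval."""
    invoice = {"vendor": "V-100", "iban": "GB29NWBK60161331926819", "amount": 4200.0}
    log = record_approval([], "INV-2024-0417", invoice, actor="ap.clerk")
    live = {"INV-2024-0417": dict(invoice, iban="GB94BARC10201530093459")}
    return audit(log, live)


if __name__ == "__main__":
    print(demo())
```

Because the log is keyed, an insider who can edit the invoice table cannot simply re-hash the altered row to cover the change unless they also hold the audit key, which is why that key must live somewhere the AP database administrators cannot reach.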
It is nearly impossible to protect yourself completely from cyber theft and AP fraud, especially when most of the vulnerabilities and faults involve humans. Focus your security effort on the right balance between modern technology and the people between keyboard and chair. Proper, continuous training reduces the human error that lets cyberattacks succeed, and technology and automation keep many attacks from ever reaching people. The right combination of the two is the key to defeating would-be fraudsters.