In Pursuit of Profit
Cybercriminals are targeting your company right now, and it’s your job to stay informed about the most common cyber scams and take the right precautions to avoid falling victim to a cyberattack! Bookkeepers and accountants are on the frontlines of this rapidly emerging battle, making them an integral part of keeping your company safe.
Implement & Maintain Internal Controls
Proper internal controls are going to be the foundation of a company’s risk mitigation efforts. Internal controls not only prevent fraud internally, but also serve to control risk externally. The most common internal controls related to cybercrime include:
Internal controls can help prevent loss from cyberattacks by limiting the number of employees with access to sensitive data and valuable information, thereby reducing the severity of a cyberattack if a login is compromised. Additionally, these types of internal controls can help mitigate loss by increasing the likelihood that a successful cyberattack is discovered sooner rather than later.
Conduct Cyber Fraud Training
Remember, the best defense is a good offense. Keep employees abreast of the latest trends in cybercrimes to keep them on the lookout for anything suspicious. With cyberattacks increasing in frequency year-over-year, the most common cyberattacks are constantly evolving and getting harder to detect, which means your employees need ongoing training to stay up to date on the newest tactics being used by criminals. Ensure that they know what to look for, how to respond, and who to tell if they suspect something is amiss.
For example, if a bookkeeper receives an email with an attached receipt for an ACH transfer from what appears to be a bogus sender for a transaction they do not recognize, ensure that they know that they should report the email as a phishing attempt to their IT team without opening the attachment. This type of training should be done regularly (at least annually, but ideally monthly or quarterly) to keep employees vigilant.
If feasible, cybersecurity training may include cyber threat tests as well. Using the same example, a company’s IT department could send out mock phishing emails to test whether employees open a suspicious attachment and how they respond after realizing they may have been compromised. The information gathered can then be used to inform future training efforts – identifying areas that need more clarification and working more closely with employees who need extra help.
Create Formal Policies
An accounting policies and procedures manual outlines which accounting activities need to be done, when, and by whom. This is a critical document for bookkeeping and accounting teams to use as new staff are hired or processes are outsourced to ensure everyone is on the same page. These policies govern everything that is done in relation to the company’s finances to reduce the kind of ambiguity that opportunistic cybercriminals take advantage of to commit crimes. An organization’s accounting policies will include information about safeguarding financial data, granting account access to financial systems, performing bank and credit reconciliations, processing payments, sending invoices, issuing reimbursements, generating financial reports, and numerous other accounting activities.
Practice Cautious Vendor Management
If you lock your doors every time you leave your house, your belongings won’t get stolen, right? Maybe, but not if your teenager leaves the door unlocked! Don’t let your vendors and partners leave the door open for a cyberattack against you. Utilize reputable service providers and ensure that anyone external who has access to your systems is taking the same precautions that you are.
Across vendors, partners, third-party contractors, and consultants, understand who has access to what, and regularly assess how that access is being used and whether it is still needed. When it comes to sensitive information, understand how it is being accessed, stored, and transmitted to avoid creating security vulnerabilities. Even the most altruistic partners can create a security vulnerability if something is missing from their policies and safeguards.
Audit Security Measures
Without knowing where the organization is currently, leadership cannot appropriately assess what else needs to be done to protect it in the future. Look for areas where there are gaps or weak spots in your cybersecurity measures and identify how you will improve them.
Solicit employee feedback in this area to gain additional perspective, taking all recommendations and criticisms seriously. This is your chance to see your company’s security measures through the eyes of the people in a cybercriminal’s crosshairs.
If you need better internal controls, let our team help! We provide outsourced accounting services for companies that need part-time or interim solutions. Our experienced accountants work across multiple regions to provide senior accounting services including the creation and maintenance of internal control systems to mitigate fraud risk.