The holiday season might be the favorite time of year for fraudsters who are looking to take advantage of busy consumers. However, businesses are just as much at risk. With end-of-year deadlines, employee vacation schedules, and a host of other issues that can pop up this time of year, fraudsters know that this is a perfect time to strike.
As we approach the end of the year, it’s important for business owners and managers to keep their guard up.
What is different about the holidays?
Financial fraud is, unfortunately, a year-round threat. But, the holiday season can bring new challenges that make suspicious activity even harder to notice.
This time of year, many companies are conducting benefit enrollments, end-of-year salary adjustments, and other changes that involve employee communication. This provides fraudsters with opportunities to send well-timed, targeted phishing emails that can result in harm to your business.
For retail business, the addition of seasonal, holiday workers also presents challenges, as these employees may not be familiar with security measures used to identify fraudulent transactions.
And, for companies who award bonuses, the volume and dollar amount of these transactions can help to obscure a fraudulent payment.
How do I protect my business?
The good news is that there are steps you can take to protect your business from fraud, not just during the holidays, but year-round.
- Educate your team. The hallmark of a great security program starts with educated employees. If your employees have questions about the legitimacy of an email, encourage them to pick up the phone and call the appropriate person. Employees shouldn’t click on links or attachments unless they are 100% confident that the email is legitimate.
- Be cautious of payment instructions sent via email. Whenever you receive ACH or Wire instructions via email, you should call the company and verify the routing number and account number. It is far too easy for a fraudster to take over an email account, access that person’s contacts, and send updated payment information. When you do call the company to verify the information, you should only use a verified phone number. Don’t use the phone number that is listed on the instructions.
- For inter-company payment requests, add a call-back verification to your procedures. If the CEO sends an email to Accounting and says that a wire transfer needs to be sent, someone in Accounting should call the CEO to verify the request. Don’t rely on email.
- Don’t bypass dual control procedures. If your company utilizes dual control procedures for tasks, those procedures are likely in-place for a reason. With employees out on vacation, it can be tempting to bypass dual control requirements. But, following these procedures will help protect both your business and your employees.
- Use unique passwords. Don’t use the same password for multiple sites. Instead, use unique passwords for each site. This way, if your Amazon password becomes compromised, a fraudster can’t also use that same password to access your company email account.
If you have questions about how you can better protect your business from fraud, please contact our Treasury Management team at 1.888.262.9226.
About the Author:
Blake Dotson is a treasury management specialist at Central National Bank. When he isn’t writing blog articles or fixing check scanners, he enjoys spending time with his wife and two children, and he loves ALL things Baylor sports.