Download our e-Treasury Secure Browser
Download the Sterling e-Treasury Token Client
Published on May 9, 2024 | Webster Bank
Last updated: May 10, 2024
What would you do if a stalker followed you home from work every day for six months?
You’d take action, and you wouldn’t wait six months. But inside your phone or computer, it could be happening right now.
Let’s say your admin gets an email that appears to be from your address:
Hey Sammy, I’ve got a meeting with Jules at ABC Accounting in about an hour. Would you please shoot me the employee W-2 files? Thanks!
Samantha thinks it’s from you. She fires off the file. And in minutes, all that privileged data is up for sale on the Dark Web.
How did the cybercriminal know that you call Samantha “Sammy?” Or the name of your CPA and his firm? Or when you might be out of the office, opening a window of sneaky opportunity?
The thief (or even a crafty generative AI Bot) has been hunkered down in your computer systems for months, reading your email, noting important details, and crafting a crime using social engineering: manipulating the trust and responsiveness of the people who work for you.
According to a 2024 study conducted by payment fraud prevention platform TrustPair, more than 95 percent of U.S. companies were targeted with at least one fraud attempt in the past year, with 9 out of 10 attacks proving successful. Moreover, the repercussions of these attacks can reach far beyond just the event itself, with 66 percent of companies conceding that they would stop doing business with a partner if they fell victim to fraud.
The question isn’t if a cybercrime will hit you or your business. It’s when and how much will the damage cost you.
Helping businesses avoid cyber fraud is a top priority at Webster Bank, although the solutions go far beyond the bank. Awareness, education, and readiness are crucial, as demonstrated through services like Positive Pay. This review of the current threats and suggested best practices can help you stay on top of the ever-evolving risks.
Nationwide, reports of small businesses being targeted by fraudsters are on the rise — particularly those where senior leadership wears multiple hats. They are taking advantage of the hectic lifestyle of a small business owner. The attackers have also learned that emerging businesses have fewer controls than enterprises.
Small and midsized companies across all industries are at much greater risk today than previously. Cybercriminals recognize that many smaller organizations typically do not have the resources that large enterprises do to secure their environment or have not taken steps to secure their data. This makes them an easier target.
Furthermore, small business owners may not have the required knowledge to address the issue adequately. Their staff doesn’t have the training necessary to spot fraud. Or worse, all too often, they simply (and incorrectly) assume, “It can’t happen to me.”
The fact is, it can—precisely because that’s the mindset the hackers are counting on.
Business owners may think cybercrime is an IT problem. It’s not. It’s a business problem. A data breach is a breach of trust with your customers—one that costs American companies billions of dollars each year.
Up-to-date knowledge and heightened awareness are essential for staff, vendors, and your business.
You do not need to be a large company to implement basic steps that will make your data more secure. Training employees, web filtering, robust antivirus/malware, offsite data backup, next[1]gen firewalls, and device monitoring are all within the means of most organizations.
User education, email protection tools, system and file recovery capability, and tested and documented Disaster Recovery Plans are essential for today’s businesses to protect themselves adequately from an increasingly aggressive climate of fraud.
Other best practices to consider adopting include proactive training through a learning management system, tracking logins to email systems from foreign countries, and using mock security incidents, typically called “tabletops,” to offer hands-on training to internal non[1]technical teams.
Fighting cybercrime today requires an investment in specialized expertise and a commitment to ongoing training. Both are minimal compared to the staggering risks of a data breach.
Cyber awareness is a leadership mindset that managers need to instill in all staff, partners, and providers. Hand-in-hand with vigilance comes technology. Some of the best solutions are low[1]tech: confirming transactions and messages through a phone call. Simple, fast, and effective.
From a banking standpoint, companies also benefit from services that give you important status updates for your transactions: for example, Positive Pay services to warn you about potential check or electronic debit fraud or alerts to report account activity you need to double-check.
We recommend a more detailed review of your account set-up and cash-flow processes to mitigate the impact of cyber fraud. Please contact your relationship manager or the treasury solutions officer at your local Webster Bank branch to review the best practices we’ve learned and shared with clients.
You can also start with our Fraud Awareness and Risk Management Checklist, which is downloadable in a printable PDF worksheet.
The 2024 Ransomware Threat Landscape
Payment Fraud Attempts on U.S. Businesses Spiked 71% in 2023, According to New Trustpair Research
Fraud in the Cyber Era: 2024 Fraud Trends and Insights