Everyone knows that fraud, in all its forms, is expensive. According to the Association of Certified Fraud Examiners, the typical organization loses 5% of its revenue to fraud in any given year. Assuming you don't want to hand over 5% of your financial institution's revenue to fraudsters each year, here are some tips to tighten your electronic controls and prevent cyber attacks, which affect the majority of companies on a daily or weekly basis.
1. Ensure all computers are running the most up-to-date operating system, web browser, and software
Every time a software manufacturer releases a new version, it will include fixes and updates that "plug holes" and prevent hackers from accessing your systems. Be sure to update all your systems and software to the latest versions whenever available, and install patches regularly. Just one outdated computer provides a criminal with easy access to your institution's and members' records, files, and financial information.
2. Install a firewall
Stop unauthorized users from accessing your system by installing a firewall, which controls access to your systems and approves only those requests that appear on your "allowed" list, while still granting your institution's internal employees the ability to work freely. The security of a firewall is the strongest and most reliable way to keep would-be attackers and thieves out of your institution's systems.
3. Install protective software
Yes, I know the computer supplies list is getting long! But another necessary protection is software that stops and destroys viruses, spyware, and phishing attempts. This protective software is widely available from a number of reputable vendors. Like your operating system, you must make sure your protective software is always up to date. For maximum protection, set it to update itself automatically.
4. Protect your networks and data
In addition to installing a firewall, you must take measures to protect your company's networks and data, both from outsiders and from employees who may be tempted to use company information or resources for personal gain.
Hide your institution's Wi-Fi name from public view.
Encrypt your wireless network and all stored organizational information.
Ensure your website remains as you intended by using protected platforms to host all of your institution's web pages, not just the transaction pages.
5. Educate employees and require compliance
Unfortunately, even our best efforts at protection will fail if our employees are not educated on what's expected of them and required to comply. Take the following measures with all employees:
To minimize potential problems, run an extensive background check on all prospective employees. Check court/legal activity and previous employment records for any hint of impropriety or misbehavior. While adhering to your state's hiring laws, avoid hiring anybody you believe may be a bad risk.
Outline clear policies covering employees' expected behavior online, in social media, and in handling their own and members' data. To ensure you have records of employees' agreement, require employees to "OK" your policies on screen regularly (e.g., weekly or daily).
Safeguard employees' machines and access by requiring all employees to use complex passwords that are changed regularly. Generally, a password of eight or more characters, with both upper and lower case letters and at least one number, is considered strong. Require employees to change their passwords every two to three months.
To stop employees from accidentally introducing a virus to your network, allow only network administrators to install programs on institution computers.
Regardless of the methods you choose to implement, your most important tasks are to pay attention and take action to prevent cyber fraud at your financial institution. As with all criminals, cybercriminals thrive on opportunity; if you make it difficult to steal from your institution, thieves are less likely to try and far less likely to succeed.
If your institution experiences a security breach, cyber liability insurance can provide protection. Your main concern after a breach is minimizing the amount of compromised information and working with your insurance provider to rectify the issue and manage any losses. Most policies include a range of deductibles to fit your institution's needs, high coverage limits, and credit monitoring. It's easy and quick to obtain a quote.