Entries tagged with “Security”.
Did you find what you wanted?
Dec 16 2014
An ongoing attack into corporate America has been trying to infiltrate more than 100 mostly pharmaceutical and health care companies in one of the latest examples of cyber security breaches regarding financial data. This time, the goal is not to take money, but instead to take information. The objective is market-moving information about publicly-traded companies that can be used for a different kind of crime – insider trading.
Cyber security firm Fire Eye recently disclosed the operation, telling Reuters that the hackers were very specific in their method of attack: They targeted only people with access to inside information that could be used to make profitable trades before that information became publicly available.
While Fire Eye declined to disclose the identities of specific victims, the firm says victims include corporate advisors, investment bankers, attorneys, investor relations firms, and others that could have access to corporate information. Fire Eye acknowledges that information has been compromised, but the firm says it does not know whether any trades were made using that information. Fire Eye calls the group “FIN 4” because it ranks number 4 among the large, financially motivated groups that Fire Eye tracks. Fire Eye has already reported the group to the FBI, though the bureau is not commenting on FIN 4 for now.
FIN 4 doesn’t operate by infecting corporate computers with malware. Instead, its hackers steal e-mail account passwords. Using those compromised accounts, the hackers then send phishing e-mails to try to gain inside information. Fire Eye says that FIN 4 covers its tracks by using Tor, a service that masks the location of Internet users.
“They are going after the weakest link in the security chain, people,” Kevin Westin, a security analyst for threat detection firm Tripwire, told Top Tech News. “Given the targets and the data compromised you could call this white collar cybercrime because the goal appears to be industrial espionage.”
Strict password protocols are a must for thwarting hackers seeking inside information. Employees should be required to have different and distinct passwords for each web service they use from the company. Corporations should also consider two-factor authentication, which would require users to enter a second code provided by text message or on another device, such as an authentication device that changes passwords each time it is used. And employees should be trained on phishing tactics that could be used to procure sensitive business information. To learn more about how to make your business more secure, contact us.
Dec 12 2014
A major mail courier was recently the victim of a cyber security breach. The breach effected both employees and customers. The cyber criminals stole data that can potentially be used for identity theft.
It’s important that people are aware of this episode of data breach. Although there’s no evidence that the data was used maliciously, there’s still a cause for concern.
This case is just another reason why businesses should take additional steps to protect their financial data. According to recent article, the reason for the data breach was the mail courier’s employees weren’t following protocol regarding network security.
This means that it’s possible that the security breach could have been prevented. Managers aren’t the only ones who have to worry about cyber security. It’s a company-wide issue.
Cyber security works on two levels. First, businesses need to invest in the proper equipment to protect their network and data and prevent security breaches. Without the right infrastructure, businesses are putting their data at risk.
But even if businesses purchase the best equipment, it won’t mean anything if employees aren’t trained in cyber security. Businesses have to establish a strict cyber security policy and train their employees how to protect business data.
The mail courier is now conducting an internal investigation to find out what exactly caused the breach. Your business can avoid all of this by investing in cyber security and training your employees.
To talk more about how to prevent cyber security breaches, please contact us.
Dec 11 2014
Posted by Sara Davis
The number one best solution to fraud prevention for small businesses is an anonymous tip hotline. A recent study conducted by the American Institute of Certified Public Accountants (AICPA) showed that 59 percent of forensic accountants believe internal whistle-blower hotlines are the most useful investment a business of any size can make to deter fraud.
What is a tip hotline?
A hotline is a safe place that people can call to report violations about your company practices or employees. The Association of Certified Fraud Examiners (ACFE) recommends EthicsLine for confidential reporting 24 hours a day, year-round. Other companies such as Fraud Hotline offer yearly packages for small businesses and non-profit organizations for $500 or less.
Why is a tip hotline important?
Since the Sarbanes-Oxley Act of 2002, public companies must implement fraud reporting to be compliant with federal regulatory requirements to receive and track complaints. Private companies are utilizing them as well as an inexpensive and effective method for preventing fraud.
Not only does a tip line show fairness in an organization, it can help a company defend against lawsuits. Implementations of tip lines have been shown to diminish the time of existing fraud schemes by 50 percent or more. According to a 2012 ACFE study, almost half the tips come from employees, but another 17.8 percent come from customers. Vendors and anonymous callers make up the next largest reporting segment with 25 percent of the reporting between the two of them.
What should you look for in a tip line?
Shopping around and finding the best fit for your business is key. There are many questions to ask:
-Does the organization need multilingual services?
-Does the tip line need to be 24/7/365, or can it match business hours.
-Will there be toll-free operators, or message systems?
-Can input be accepted by email or fax?
-Is there case management, and resolution of each report?
-Is there a location where someone can speak to a live person?
-Will there be anonymity? (Studies show lack of anonymity affects peoples’ willingness to report.)
Although tip lines that include in-person services and case management cost significantly more than web or cloud-based options, they’ve been shown to strengthen a company’s legal standing in the event of a lawsuit.
Every organization decides what sort of tip line works best for them. However, even if the company chooses to start small, having any tip line is better than having none at all.
Contact us for more information on preventing fraud.
Dec 9 2014
Posted by Sara Davis
When fraud is improperly managed, it’s not only money and assets that are lost. Companies also lose intellectual property and people when trust in the company culture is lost. To be able to survive and thrive, fraud prevention is essential for all small businesses.
Preventing fraud in the workplace is not as simple as separating the accounts receivable and the accounts payable position. Management and administrators must also know who is most likely to commit fraud, and how the fraud can be detected.
Who is likely to commit fraud?
According to the Association of Certified Fraud Examiners (ACFE), males are twice as likely as females to commit fraud. Also, their average “take” is twice as high. Single perpetrators are twice as prevalent as groups when it comes to defrauding – 64 percent of all frauds are committed by one person. The losses from these individuals are staggering, nearly five times the amount of multiple perpetrators.
The largest losses are likely to come from the top, rather than the bottom of the organizational chart with owners and executives stealing far more than low-level employees. Long-term employees are much more likely to steal than the new people.
Much of this has to do with trust. Employers are more likely to place their trust in those individuals with a long tenure and a large amount of responsibility. For this reason, measures should be in place so that stealing is more difficult – these measures are called internal controls.
What are people most likely to steal?
The four types of assets most commonly stolen are: cash, inventory, information and securities. Although cash is the most common type of theft at 88 percent, securities fraud has an average loss of $1.85 million.
When it comes to fraud, “cash” is rarely in the form of greenbacks. Fraudulent disbursements are where almost 72 percent of theft occurs. Practices like “skimming” are when an employee accepts payment from a customer but does not record a sale. There is also “cash larceny” which is where an employee steals cash and checks from daily receipts before they can be deposited.
How to prevent small business fraud?
- A good set of internal controls is vital. Examples: Reconciling bank statements each month, splitting the financial processes over several people, and protecting cash and checks against unauthorized use.
- Implementing an anonymous tip line where fraud can be safely reported without fear of repercussion. This should coincide with company training about fraud and ethical behavior.
- Implementing a mandatory vacation policy. If an employee, particularly one in the financial departments, refuses to take a vacation, it can be because they cannot afford to have anyone look too closely at their activities.
- Open communication and perceptive hiring. If an employee begins to live above his or her means, fraud should be considered.
Please contact us for more information on fraud prevention in your business.
Dec 8 2014
Posted by Sara Davis
Small businesses don’t have many of the luxuries that large corporations enjoy. One errant transaction, for example, will affect a small business much more than it would a corporation. That’s why small businesses have to practice fraud prevention at all times.
A general rule of thumb would be that if anything seems too good to be true, than it probably is. But fraud prevention goes much deeper than this. Sometimes, businesses have to look out for seemingly normal transactions.
There are characteristics of suspicious transactions that all business owners should be aware of. On top of this, they should pass this knowledge on to employees so the entire company will be aware.
A recent Business 2 Community article talks about fraud prevention and describes some telltale signs of suspicious transactions. According to the article, businesses should always look closely at a buyer’s billing address:
“Be wary of unusually large orders placed online without any contact from the customer, or rush orders for large quantities or for expensive goods, warns Janet Attard, author of The Home Office and Small Business Answer Book. Other red flags: orders shipped to a different address than the billing address; orders from foreign countries; and billing addresses that don’t match the information on file with the credit card company.”
If a buyer actually lives at his or her recorded billing address, it would be relatively easy for businesses to respond to any foul play. But if the billing address is a fake, then businesses have no real way of tracking down the buyer.
We wish that we didn’t have to warn business owners about fraud, but that’s the reality we face today. You can’t just take a transaction for what it is. If you want to actually receive money, you have to have a system in place to prevent fraud.
To talk more about fraud prevention, or anything else, please contact us.