A Brighter Way
A Brighter Way
Cybercrime experts estimate that fraudulent activities will be at their worst in 2011 and 2012. Earthquakes, tsunamis, tornados, hurricanes and floods are occurring with increasing frequency. So here’s the obvious question: are you doing enough to protect your financial information?
It’s easy to say “it will never happen to us.” But it could happen to you. And there are several things you should do to lessen the chances that your office will be a victim. How many do you practice?
One of the first places you can improve security and preserve information is with your computer system. Start with password-protected programs and firewalls. However, even steps like checking your vendor list, employee master list and time and billing files can help ensure that your financial information is secure. Programs are available to check for duplicate payments of invoices, as well as incomplete or missing vendor addresses, too.
For as much of a staple as anti-virus software has become, the number of businesses that do not have adequate anti-virus protection is surprising. This is not a place for one-size-fits-all. Look for software that fits the size and scope of your computer system and protects any specific operating systems or networks your business has. You’ll also want your anti-virus software to provide a firewall for your entire network, and provide automatic sweeps. Finally, look for software that updates regularly so that you’re protected from the latest security threats.
Sometimes an office can have a false sense of security when employees perform a daily files back-up. The back-up should be tested a minimum of once each year to ensure it is working properly, and a back-up computer should be available off-site to read the files in the event of an emergency.
Ideally, your office should review the back-up tape against your current information to ensure that it really is current and correct.
How secure is your system against outside hackers? Having a professional attempt to hack into your system can help you determine if your firewalls and security measures are really protecting your information. With today’s privacy laws, including the Red Flags Rule, scrutiny of your safeguards is greater than ever – and the consequences of poor security are also at their worst.
Testing your security is even more vital if your website contains a portal that allows clients to access your data.
With the popularity of cloud computing, in which computer applications and files are stored off-site, the convenience of storing the information and software outside your office can be offset with additional security concerns.
Ask yourself:
Are you managing the data center yourself or having a third party manage or host it?
What cloud services do you need? There are also a wide range of cloud services, from virtual machines, to email, to CRM, to software or office suites such as Google Apps.
What security threats are important to you? Know whether sensitive information is leaked or stolen, an inside threat from a disgruntled employee, critical response system resources or software bugs or vulnerabilities that lead to accidental exposure of information, or loss of ability to ensure strong user authentication.
Do you need to comply with government regulations such as HIPAA and SOX?
If possible, only use service providers you know and trust. Look for good security training, vetting and allowing only a small group of select employees physical access to the computers. Operators should not have access to customer data. Your provider should choose the most secure operating systems and carefully configure the system. If possible, they should also “clean house” between users, reloading the operating system and zeroing out the memory.
Data in the cloud, especially in the United States, appears to be easier for the government to obtain than data you store yourself. It is also easier to do so secretly – which raises security and privacy concerns and may lead to updated laws.
Pay close attention to daily account transactions. Some banks allow only one to two days to report a fraudulent transaction, which makes it difficult for businesses that review their accounts less frequently to notice the discrepancy in time to report it. Regularly review the bank ledger or have the business bank statements sent to another address to help deter an employee from committing fraud. However, the vigil for detection of external fraud should never end.
Use your bank’s debit filters. Processes such as positive pay or reverse positive pay will allow you to provide a list of approved transactions, and those that don’t match aren’t paid. Positive pay matches the account number, check number and dollar amount of each check presented for payment against a list of checks previously authorized and issued by the company. All three components must match exactly or the check is not honored.
Reverse positive pay works similarly, but the process is reversed. The company, not the bank, maintains the list of checks issued. When checks are presented for payment and clear through the Federal Reserve System, the Federal Reserve prepares a file of the check’s account numbers, serial numbers and dollar amounts and sends the file to the bank. The bank sends that file to the company, where the company compares the information with its internal records. The company notifies the bank regarding which checks match its records, and the bank pays those items.
Note: This content is accurate as of the date published above and is subject to change. Please seek professional advice before acting on any matter contained in this article.
