In today's interconnected world where businesses increasingly rely on data and networks, a single sophisticated cyberattack on a business can inflict as much harm as a natural disaster.
And while large companies like Target, Home Depot and Apple have been caught in the headlines over the past couple of years due to high-profile cyberattacks, smaller companies – and manufacturers in particular – often underestimate the threat, feeling that they’re small enough to fly under the radar.
However, small businesses are actually victimized more than any other business size category, according to the Association of Certified Fraud Examiners' 2014 Report to the Nations on Occupational Fraud and Abuse. While small businesses are certainly susceptible to a wide array of threats, there are three that stand out as particularly important for manufacturers: masquerading, intellectual property theft and cybersecurity breaches. The good news is that there are relatively low-cost measures to help bar the door against each of these risks.
The FBI recently estimated that wire fraud and masquerading losses among U.S. companies totaled nearly $750 million between October 2013 and August 2015. Globally, that figure is nearly $1.2 billion. As small- and medium-size manufacturers expand domestically and internationally – thereby broadening their networks of vendors, business connections and customers – the risk of payments fraud rises.
Masquerading is a payments scheme in which a fraudster impersonates a company executive or outside vendor and requests a wire transfer through a phone call or email to a company controller, or someone else with authority to wire funds. The controller will usually tell the business's bank to wire the funds because the email or phone call seems legitimate.
Since these fraudulent wire transfers frequently go overseas, it can be very difficult to recoup the funds. However, there are four simple steps to help manufacturers thwart masquerading attempts:
1. Develop an approval process for large transactions. Require approval from two or more executives for large wire transfers to protect against threats of internal and external fraud.
2. Use a purchase order model for wire transfers. Many companies require a purchase order number to spend money. Apply this model to match all wire transfers to a purchase order reference number, which provides another layer of control.
3. Confirm and reconfirm. Use multiple means of communication to verify wire transfers are legitimate. If the initial request comes in email, then call the person to get a verbal confirmation.
4. Stay in touch with your bank. If a transaction seems suspicious at any point in the process – even after a wire has been sent – contact your financial institution immediately.
Intellectual property is vital to manufacturers. Product blueprints and trade secrets are essentially the "keys to the kingdom." With them, practically anyone can replicate a product.
Protecting intellectual property requires screening employees and vendors as well as securing networks, computer devices and equipment against intrusion from malware and spyware — malicious software that can disrupt devices and networks or capture confidential data and send it to hackers. Luckily, there are easy steps to help protect intellectual property:
1. Definitions. Define what constitutes the business's intellectual property. Is it a product, a process, R&D, source code or a logo design?
2. Storage. Identify all the places this intellectual property is stored or located. Is information related to the company's trade secrets in printed blueprints, on a server, locked in a vault, programmed into equipment on the manufacturing floor or in an email?
3. People. Maintain an up-to-date list of who knows about company trade secrets, both inside and outside the company. Are they under nondisclosure agreements and other terms that protect the business?
4. Access. Give employees, vendors and others the least amount of access possible to do their jobs. The more people who have access, the greater the risk.
As manufacturing has become increasingly automated, digital assets such as websites and email have become vulnerable to a range of cyberattacks — from criminals determined to plant spyware to track and steal secrets, to denial-of-service attacks that overwhelm company websites. There are six simple steps to help protect against email and website attacks:
1. Install anti-virus protection on every computer and device on the company's network.
2. Educate employees to recognize, avoid and report suspicious emails containing attachments or hyperlinks, the telltale signs of phishing, in which hackers use electronic communications to steal sensitive information.
3. Be discerning with privilege. Employees and outside vendors using a company's network should have access to only those applications that their jobs require.
4. Enforce two-factor authentication for administrative access to the company's critical servers. Verifying a user's identity through separate channels – text or email, for example – helps prevent anyone from having access to a device without first confirming his or her identity through an alternate means of communication.
5. Ensure software and operating systems are current and that updates are installed quickly.
6. Maintain a separate administrator account with a unique password so that if an IT administrator's primary email or passwords are compromised, hackers will still not have administrative rights to gain control of servers and networks.
The stakes are high, but manufacturers can help themselves mitigate common threats like masquerading, intellectual property theft, and cyber espionage. Simple measures today can go a long way toward fortifying your business for the future.
For more fraud and security tips from David Pollino visit the Your Business blog at www.blog.bankofthewest.com.