Overlooking these 4 critical measures leaves your business vulnerable to cyber attacks

Opinions expressed by Entrepreneur contributors are their own.

Here’s the sobering truth: 95% of cyberattacks can be attributed to human error. The more employees you have, the greater the risk of becoming a victim of cybercrime. We all imagine legions of hackers trying to break through our firewalls, and yes, sometimes some succeed. However, the much more common truth is that unsuspecting employees inadvertently grant cybercriminals access to corporate systems and data or are influenced by these hackers to perform dubious (or even illegal) activities.

Even worse is deliberate deception by the people sitting between the keyboard and the chair. Some employees try to cheat the system themselves by changing amounts, bank account details or other details to improve their financial situation. Then there are outsiders who are up to no good, such as a supplier or partner who sends the company false or altered documents, for example invoices with false bank account details or incorrect amounts.

None of these incidents constitute an indictment of company leadership, security practices, or judgment. They only emphasize that technology alone cannot stop every cyberattack. The key to maximizing protection and minimizing exposure to these attacks is combining technology with the human touch.

1. Secure data starts and ends with people

Many cyberattacks succeed because of simple but avoidable human error or the wrong response to a scam. For example, an employee may reveal usernames and passwords after clicking a link in a phishing email. They may open an email attachment that installs ransomware or other equally destructive malware on the corporate network without their knowledge. Or they may simply choose easy-to-guess passwords. These are just a few examples of mistakes that give cybercriminals an opening.

To minimize the risk of human error, consider implementing the following measures to keep your business well protected.

  • Increase employee awareness and training: Organize periodic training on cybersecurity best practices, recognizing phishing emails, avoiding social engineering attacks, and understanding the importance of secure data processing. In 2022, approximately 10% of cyberattack attempts were thwarted because they were reported by employees, but they can only report such attempts if they recognize them.
  • Build a security culture: Ensure that everyone, whatever their position, actively protects company assets by promoting open communication about security issues, recognizing employees who demonstrate sound security practices, and incorporating security into performance evaluations.
  • Apply stricter access controls: Access control limits the number of people who can view or change sensitive company data and systems. Applying the “principle of least privilege” to access control and educating employees about the risks of account sharing can reduce unauthorized access and data leakage.
  • Use password managers: Strong passwords are hard to crack, but also hard to remember. Password management software can create and store hard-to-guess passwords so that nobody has to write them down.
  • Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring an additional verification method – such as a fingerprint or one-time code – in case a criminal intercepts an employee’s password.
  • Implement fraud detection processes for incoming documents: These processes are designed to identify fraudulent documents (such as fake invoices) on receipt, before they can be processed.

2. Reduce your exposure to cyberattacks and fraud with technology and automation

While a lack of awareness, training, recognition, and processes accounts for the success of most cyberattacks, you still need technological barriers to stop determined hackers from accessing your systems. Finance and accounting offices are prime targets for cyberattackers and fraudsters, so accounts payable (AP) systems are prime targets once they get in.

In fact, 74% of businesses experience attempted or actual payment fraud. These scams use AP systems and related data and documents for malicious activities such as:

  • Creating fake supplier accounts and fake invoices for them.
  • Changing payment amounts, bank details or dates on important invoices.
  • Manipulating checks.
  • Making fraudulent reimbursements.

3. Keep the bad guys away

Of course, you’ll want your IT department to use technology primarily to thwart unauthorized attempts to access networks and systems. In addition to the venerable firewall, some trusted systems include:

  • An intrusion detection and prevention system (IDPS) monitors network traffic for malicious activity or policy violations and can automatically take action to block or report these activities.
  • Artificial intelligence (AI) plays a significant role in cybersecurity by using machine learning algorithms to analyze volumes of data, identify patterns, and anticipate potential threats. It can identify attack vectors and respond quickly and effectively to cyber threats that humans cannot cope with.
  • Data encryption ensures that only authorized persons with the correct decryption key have access to the contents of the file, protecting sensitive data at rest (stored on devices) and in transit (over networks).

4. Protection against fraud from within

Whether a cybercriminal slips through all these barriers or an unscrupulous employee is determined to commit AP fraud, various types of automation can detect and prevent a successful cyberattack.

  • Automated employee activity monitoring: This can help identify suspicious behavior and potential security threats. The software tracks user activity, analyzes logs for signs of unauthorized access, and regularly audits user access rights. Of course, employees should know that they are being monitored and to what extent.
  • Comprehensive automation of the payment process on one platform: This removes human error (and human scruples) from the equation, apart from the handling of exceptions. Encrypted receipt and acceptance of electronic invoices from suppliers, automatic matching of invoices to orders, and electronic payments – all without human intervention – are examples of how automation removes the possibility (and temptation) of committing AP fraud.
  • Document-level change detection takes this protection a step further: This automated technology can detect when a sneaky cyber thief with access to underlying systems makes unauthorized attempts to access, modify or delete sensitive documents, including purchase orders, invoices and payment authorizations. These tools alert administrators and provide detailed audit trails of document activity, helping to detect and prevent AP fraud, whether from outside or inside.
  • Detecting unusual data patterns: This lets AP staff take a closer look before an invoice is allowed to be processed and paid. Using machine learning and artificial intelligence, automated systems can compare incoming data with historical data, flagging suspicious changes to bank details, the supplier’s official name and address, and unusual payment amounts.
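
The comparison against historical data described in the last item can be sketched as follows. This is an added example, not code from the article or from any AP product: it uses a simple median-absolute-deviation test in place of the machine learning the article mentions, and the record layout, field names, threshold and sample values are all constructed assumptions.

```python
from statistics import median

# Constructed vendor master record and payment history (illustrative values only).
VENDOR_MASTER = {
    "V-1001": {
        "name": "Example Supplies Ltd",
        "address": "1 Sample Street, Springfield",
        "bank_account": "EXAMPLE-ACCT-0001",
        "paid_amounts": [1180.0, 1240.0, 1205.0, 1310.0, 1275.0, 1190.0],
    }
}

def _norm(value):
    """Comparison key that ignores case and extra whitespace."""
    return " ".join(str(value).lower().split())

def amount_is_outlier(amount, history, threshold=6.0):
    """Flag amounts far from the vendor's median, scaled by the
    median absolute deviation (MAD) of past payments."""
    if len(history) < 5:  # too little history to judge; do not flag
        return False
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # avoid dividing by zero
    return abs(amount - med) / mad > threshold

def review_invoice(invoice, master=VENDOR_MASTER):
    """Return the reasons (if any) to hold an invoice for manual AP review."""
    vendor = master.get(invoice["vendor_id"])
    if vendor is None:
        return ["unknown vendor"]
    flags = []
    for field in ("bank_account", "name", "address"):
        if _norm(invoice[field]) != _norm(vendor[field]):
            flags.append(f"{field} differs from vendor master")
    if amount_is_outlier(invoice["amount"], vendor["paid_amounts"]):
        flags.append("amount unusual for this vendor")
    return flags

if __name__ == "__main__":
    # Constructed invoice: new bank account and an amount far above history.
    suspicious = {"vendor_id": "V-1001", "name": "Example Supplies Ltd",
                  "address": "1 Sample Street, Springfield",
                  "bank_account": "EXAMPLE-ACCT-9999", "amount": 9800.0}
    print(review_invoice(suspicious))
```

An invoice that returns any flags is routed to a person rather than rejected outright, which matches the article's point that staff take a closer look before payment.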

It is almost impossible to completely protect yourself from cyber theft and AP fraud, especially when most of the vulnerabilities and faults lie with people. You need to focus your security efforts on the perfect balance between cutting-edge technology and people between the keyboard and the chair. Proper and ongoing training can reduce the number of human errors that make cyberattacks successful. And technology and automation can prevent attacks from reaching people in the first place. However, the right combination of these two elements is the key to defeating potential scammers.
