Risky Business: 3 Strategies For (Healthcare) CFOs To Fight Cyberattacks
CFO Magazine recently posted a piece entitled, “Cyberattack Bullseye Is Squarely on Medical Industry,” that explores the persistent threats targeting healthcare organizations. As IT and security teams have their hands full fending off attackers who want to steal sensitive data and even hold their networks ransom, finance teams have to step forward to do their part in ensuring that the critical assets under their purview are protected. CFOs and their teams face a number of threats, ranging from CEO fraud, to fake invoices, and BEC scams, and they need to be prepared to identify these threats and respond accordingly.
The CFO Magazine article shared three great strategies to fight off cyberattacks: be proactive, have a plan mapped out, and identify your weaknesses. To build on the advice that article provided, here are a few more tips that CFOs in healthcare – or any other industry – can implement to minimize risks:
- Be proactive – Learn about the types of scams and attacks that are most likely to target people in your industry and job function. For example,fake invoice scams and CEO fraud are common tactics that can dupe finance professionals and be responsible for significant losses.
Whether it’s someone impersonating the CEO to instruct staff to wire funds, a real vendor submitting invoices for services never delivered, or a con artist assuming the identity of a real vendor, finance professional that have even a basic awareness of the types of fraud/cyberattacks out there (and a little bit of skepticism!) will help to reduce risks to their business.
- Have a plan mapped out – Each year, thousands of businesses fall victim to these scams, and they are often prevented with simple financial controls. From an accounting perspective, a slight procedural change to how payments are approved could go a long way towards ensuring that your company is not the next victim. Segregation of duties and dual payment approvals work well to prevent large losses. It should be a standard practice to ensure that large invoices and payments require dual controls.
However, even with the best controls in place, it’s critical that your business has some level of cybersecurity/fraud protection. At MineralTree, we provide customers with SilverGuard – included with our solution at no cost to provide online fraud loss protection up to $100,000 per year.
- Identify your weaknesses – Does your business use paper checks? Results from the most recentAFP Payments Fraud and Control Survey report that nearly three-quarters of companies experienced actual or attempted check fraud. Not only are paper checks susceptible to fraud, but the manual processes that paper checks involve are error prone, expensive, and labor intensive.
If you want to get ahead of the cyber-risks facing finance professionals, we’re here to help! Don’t wait to visit us online at www.mineraltree.com to learn about the different ways we help protect our customers from fraud, and share your questions and comments with @MineralTree on Twitter.← Back to Invoice-to-Blog