Security policies
Establishing clear and cohesive policies on financial instructions should be a security measure to consider so that everyone can receive and verify them. In this regard, employees of organisations should have access to training on the most common methods of cyber fraud and how to act in the event of an attempted attack.
Identity verification
Implement strict identity verification procedures for financial transfers, especially when made via electronic communications. It is always important to confirm any request to change IBAN or other bank details by another means (e.g. a telephone call).
Multi-factor authentication
Use the 2-factor or more authentication method, particularly for sensitive communications and transactions. This security measure guarantees that even if one credential is compromised, there is a second mandatory factor to complete the transaction.
Approval procedures
Implementing approval procedures for financial transfers, which require multiple authorisations from different employees, increases security and reduces the likelihood of cyber attackers being able to carry out a cyber attack.
Monitoring and analysing behaviour
Use monitoring tools to analyse patterns of behaviour in communications and transactions, so that configured alerts can detect unusual activity.
Security tests and audits
Carrying out regular security tests, including phishing and fraud simulations to identify vulnerabilities, is another security practice that should be adopted in a situation like this. We should also regularly audit security practices and financial management policies.
Use technological tools
Implement cybersecurity solutions that help identify and mitigate fraud attempts, such as intrusion detection systems (IDS) and data loss prevention (DLP).
Rapid responses and contingency plans
Developing and training for rapid responses to security incidents can be another key step in preventing cyberattacks. This can include drawing up contingency plans to mitigate the impact of successful frauds.
Secure communication
Using encrypted communication channels to process financial data can also be a cybersecurity practice to take into account in this type of situation. On the other hand, defining clear protocols for official company communications can also be an asset for organisations.
Full story here (content in PT).
