TONY SCIARRINO
PACIFIC SEGMENT HEAD, MIDDLE MARKET BANKING AND SPECIALIZED INDUSTRIES
JPMORGAN CHASE
(310) 201-7723
[email protected]
JPMORGAN.COM/COMMERCIAL-BANKING
As Los Angeles-area businesses continue to combat inflation, rising interest rates and navigate a tight labor market, we must not take our eyes off one of the most common challenges businesses face: cyberattacks, including payments fraud.
The 2022 AFP Payments Fraud and Controls Survey underwritten by J.P. Morgan found that 71% of companies reported having been victims of payments fraud activity in 2021. This figure reflects how widespread a threat payments fraud is and illustrates how all local businesses, regardless of their size or industry, should consistently be prepared to fight it head on.
As businesses have increasingly digitized their payments and processes, fraudsters have found new ways to target their sensitive data. They use methods ranging from ransomware to social engineering attacks. These security breaches can be costly, forcing businesses to make digital ransom payments, and they can even erode a company’s hard-earned reputation and brand equity with its customer base. With each new attack, business leaders need to ensure they remain one step ahead of bad actors. Data protection, compliance standards and customer trust must all be part of a company’s ongoing fortifications.
HOW TO ASSESS YOUR CYBER HEALTH
Whether your business is constantly reviewing its cyber defenses or has had to shift resources to combat today’s more immediate headwinds, it’s always a good time to assess its cyber health.
Implementing payments fraud controls often requires conducting a cyber checkup that thoroughly assesses data privacy. This checkup can start with identifying and taking inventory of the types and sensitivity of data a business handles. It also may necessitate looking at where data is stored, how it’s backed up and what response plans are in place for a data breach or other cyber-related incidents.
Armed with the results of a cybersecurity assessment, businesses can make decisions on whether they need to strategically invest in new technologies designed to bolster data security, such as remote security enhancements, encryption tools and data loss prevention tools.
But often what’s needed are changes or enhancements to internal controls and processes for payment approvals. Some steps businesses can take to shore up these controls include:
• Implementing dual-payment authority, which requires at least two people to review payment instructions before processing.
• Adopting the principle of least privilege, which allows authorized users access only to the specific data needed for their roles.
• Matching all payments to previously approved invoices, particularly in the case of urgent requests, cross-border payments or other abnormal activity.
• Reconciling all payments daily to ensure any suspicious items can be identified immediately.
• Having clear procedures for the escalation of any potential red flags or issues.
• Installing multifactor authentication for employees attempting to connect remotely.
Business leaders are responsible for not only ensuring cyber controls are in place but also relaying the importance of data security and protection throughout their organizations. A company is only as strong as its weakest link, making it imperative for all employees to know their essential role in safeguarding data. Businesses can implement practical measures, such as requiring users to create strong, complex passwords that must be changed frequently, and provide continued cyber education, including regular training sessions and drills simulating actual cyberattacks.
RELY ON TRUSTED PARTNERS
The good news is that Los Angelesarea business leaders don’t have to tackle cyber challenges alone. Banks like JPMorgan Chase can help provide invaluable insights about cyber best practices and materials for trainings, including cyberattack simulations.
Banking and financial partners can also assist businesses in identifying their top cyber needs, whether those are implementing transaction limits or adding dual-control permissions for payments, and offering tailored solutions to meet them. When incidents of payments fraud do occur, they can provide real-time support to help guide business leaders through their response and connect them with dedicated experts who can investigate and work to potentially recover lost funds.
Unlike some other current economic headwinds, payments fraud will remain an ongoing challenge for local businesses, but with dedicated preparation, detailed procedures and steadfast vigilance, they stand a good chance of remaining one step ahead of sophisticated fraudsters.
Tony Sciarrino is the Pacific Segment Head for Middle Market Banking and Specialized Industries at JPMorgan Chase.
