As part of our ongoing commitment to helping clients become more secure and efficient, Paymerang is introducing a learning series highlighting best practices in the world of AP and finance.
For our first installment we are sharing a few tools and exercises leveraged internally at Paymerang to mitigate risk.
According to the 2020 AFP Payments Fraud & Control Survey, 81% of organizations were targets of payment fraud in 2019. This is the second highest percentage of reported fraud attacks/attempts since 2009, with the most often reported source of payments fraud attacks being Business Email Compromise.
As a result of the COVID-19 pandemic, professionals are communicating via email more than ever and work from home is a common business practice. Unfortunately, the increased digital volume has correlated with an increase in documented fraudulent activity.
Please review the following recommendations from our internal security training programs:
1. Labeling of Externally Generated Emails: A critical tool to combat email phishing is to provide alert banners to your employees identifying all emails that are generated externally from your company. There have been a number of reports highlighting nefarious actors manipulating the sender’s email address (e.g., @microsoftt.com) to masquerade as a valid email sender.
2. Alertness for Malicious Links: Links in external emails are often used to disguise malicious programs that could compromise your network. Before clicking on any links, we recommend your employees verify the sender’s email address along with the URL in the link. Once verified, we recommend copying the link and pasting it into the browser rather than clicking on the link provided in the email.
3. Awareness of Vendor Impersonations: A popular fraud technique is to masquerade as a vendor and seek to redirect money to a fraudster’s account. One of the many advantages of using Paymerang is that we validate the vendors we pay on your behalf – this greatly reduces the risk of being exposed to this fraudulent technique. Please note that since you fund AP batches into a central account at Paymerang, you will not receive any changes to this funding account. If you get a request for a change, please immediately contact your Client Account Manager or contact our Support Team at firstname.lastname@example.org.
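The check described in item 1, sketched in Python as an added example (not Paymerang's code): it decides whether a message needs an external banner and whether the sender's domain is a near-miss of a trusted one. The domain lists, the banner text and the sample message are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example; substitute your own domain lists.
INTERNAL_DOMAINS = {"example.com"}
TRUSTED_DOMAINS = {"example.com", "microsoft.com"}
BANNER = "[EXTERNAL]"

# Constructed sample message using the lookalike domain from the text.
SAMPLE = (
    "From: Billing <accounts@microsoftt.com>\n"
    "To: ap@example.com\n"
    "Subject: Updated remittance details\n"
    "\n"
    "Please see the attached invoice.\n"
)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(raw_message: str) -> dict:
    """Banner external mail and flag near-misses of trusted domains."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".") if at else ""
    external = domain not in INTERNAL_DOMAINS
    lookalike_of = None
    if external and domain not in TRUSTED_DOMAINS:
        # One or two character edits away from a trusted name is suspicious.
        lookalike_of = next(
            (t for t in sorted(TRUSTED_DOMAINS) if 0 < edit_distance(domain, t) <= 2),
            None,
        )
    subject = msg.get("Subject", "")
    if external and not subject.startswith(BANNER):
        subject = f"{BANNER} {subject}"
    return {"domain": domain, "external": external,
            "lookalike_of": lookalike_of, "subject": subject}
```

The From header is sender-controlled, so in practice this decision belongs at the mail gateway alongside its own sender authentication results; the sketch only shows the banner and lookalike logic.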
We hope that you find these tips useful. Stay tuned for future security awareness steps you can take to keep your business payments secure.
The novel Coronavirus (COVID-19) outbreak is having a major impact on businesses throughout the country. In addition to forcing many employees to work from home, there are some even greater challenges facing businesses. The transition to a remote work environment has compromised the integrity of the controlled work environment, but there are measures you can take to ensure the security of your network and data.
First and foremost, employees should be provided with the necessary equipment and security training to protect remote operations. Working outside of the office environment opens the network to malicious insiders and individuals outside of the organization who now have increased access and opportunity for threatening your organization’s data. There are weakened security controls beyond the firewalls and scammers are busier than ever to capitalize on this environment, so it is crucial that your team is trained to stay vigilant against phishing, business email compromises, ransomware and other security breaches.
The Security Difference with Paymerang
- Use of VOIP softphone: Softphones are essentially software-based phones. They mimic desk phones by presenting a phone interface on the computer, complete with a dial pad and call handling features, but since they operate on a computer, they are much more powerful than desk phones. Softphones additionally offer video calling and conferencing, visual voicemail management, chat and SMS capabilities, and more. There are desktop applications that run on Mac and Windows computers, laptops, and tablets, as well as web-based versions that are accessible in the browser, and mobile apps for iOS and Android devices.
- Secure environment: Our team utilizes a trained and enforced secure office environment, with hardwired connections always on VPN. We utilize two-factor authentication (2FA), a form of multi-factor authentication (MFA), for all business activities. It is a security enhancement that allows you to present two pieces of evidence – your credentials – when logging in to an account.
- World-Class Support: Help is just a click away; our team has access to tech support around the clock and we’ve established a remote model for technical support when technology or connection help is needed.
- Secure Devices: Our team uses PCs to ensure the highest level of enforcement for endpoint security protection and all PCs are configured to block USB connections, so printers and thumb drives cannot be used. This protects all data on the employee’s device, preventing it from being used maliciously.
- Patching: Patching refers to the routine manual updating of technology to ensure there are no holes through which hackers can access valuable information in outdated versions of the operating system. Having good patch management means not only that your software is up to date with all functionality, but also (and more importantly) that your machines are protected from security complications. Most individuals only patch their computers with the standard advised upgrades or ‘only as-needed,’ leaving the whole institution at risk for a cyber-attack. Our professionals take the right steps to ensure that patching is done correctly and with the appropriate tools.
- Tokenization: Our team uses a physical device that generates a temporary code used to access the network. We go the extra mile to protect your payments—securely enrolling your suppliers online, encrypting their account information, storing it on your behalf and requiring secondary authentication for administrators using the website.
Our cloud-based platform offers security, flexibility and efficiency while protecting your payments, so let us alleviate the burden of making and securing your business payments so you can focus on more mission-critical initiatives for your team during this unprecedented time.