Preventing cyber fraud starts with business owners.

By Christopher Chazin, SVP, Head of Treasury & Trade Products & Services, Commercial Banking

Owners of small and medium-sized businesses often wear many hats or manage others who do. Sales and marketing, operations, finance, human resources, compliance, the list goes on. But, too often, one important responsibility may get scant attention: fraud prevention and cybersecurity.

In today’s world, a security breach is not a matter of if, but when. According to a recent study, 41% of small businesses suffered cyber attacks in 2023, up from 38% in 2022 and nearly double the number of 2021 attacks.1 Not only are cyber threats and the resulting fraud increasing in frequency, but they are also becoming more sophisticated with artificial intelligence and automation behind them.

The consequences can be dire in terms of business disruptions, substantial costs, and sullied reputations. Consider these two examples from many thousands of cyber attacks reported each year:

  • A local retail store experienced a data breach where customer payment information was stolen. The store lost customer trust and sales. It had to compensate customers with identity theft protection and invest heavily in cybersecurity measures.
  • A small accounting firm fell victim to a ransomware attack that encrypted all their client data. The attackers demanded a hefty ransom, which the firm was forced to pay due to the absence of data backup and recovery plans. The incident caused significant financial strain and damaged their reputation1.

Business owners must take the lead against cyber threats and fraud

Just as business owners set the tone and culture of their companies, they must do the same for cybersecurity, making vigilance part of their organization’s ethos. Of course, that does not suggest they should handle cybersecurity themselves. They certainly can and should hand off the technical details to a knowledgeable IT person, whether an employee or a consultant, so they can focus on more strategic concerns.

No matter the approach, it is important for business owners to make cybersecurity a strategic priority. Moreover, they must establish sound security practices to help employees identify fraud attempts and protect vital data.

To help educate your employees, a TD Bank representative can come to your business and present a cybersecurity and fraud prevention curriculum we call TD SAFE - Security Awareness For Everyone. We designed the program to emphasize both the risks of cyber attacks and fraud and how to safeguard you and your business against them.

In addition to setting up employee training and awareness programs, business owners should take the following actions and schedule periodic reviews of policies, procedures, and governance to prevent cyber attacks and financial fraud:

Update your technology safeguards. These include firewalls, anti-virus software, security patches, identity management, and other safe-computing measures. These protections should be audited and assessed at least once a year for vulnerability gaps, which should then be closed.

Establish rigorous financial and banking controls. Consider performing online banking from a dedicated, standalone PC with limited access. Segregate duties so that no single employee is responsible for both recording and processing transactions. Limit who can authorize purchases based on their job role and the size of their purchase authority. Also, ensure that different people oversee bookkeeping and bank reconciliations. TD Bank can set up Dual Control payment methods that require two or more users to release an ACH batch or wire transfer. This way, a compromised user cannot complete a fraudulent transaction without approval from another authorized user.

Conduct periodic audits. Engage a trusted, third-party accounting professional to review the company’s financial records at least once a year. Between audits, run unannounced random audits of these records, especially accounts payable for cash disbursements and payments to unknown vendors.

TD Bank - a trusted resource in cyber safety and fraud prevention

While TD Bank uses industry best practices to safeguard your financial information and assets using the latest tools, encryption, and software, you can do a lot to enhance our effectiveness together. By combining our efforts, we can make it hard for cyber criminals to compromise your defenses against intrusions and fraud.

Note that TD Bank will never contact you to obtain personal information or user credentials via e-mail, text or voice call and will never ask you for remote access to your device.

If you are concerned about a fraudulent e-mail, text or call that may have resulted in disclosing confidential information, immediately report the incident by calling TD's Fraud Resolution Group at 1-800-893-8554. For more information, stop by any TD Bank location or call 1-888-388-0408.

RESOURCES


Member FDIC, TD Bank N.A.

