Ten Fraud Prevention Tips for Small Businesses: Protect Your Business from Third Parties
Posting by Joshua Smith, CPA, CFE
P: 301.272.6076
With the integration of digital devices into everyday business activities, companies have become highly susceptible to unwanted attacks and data breaches by third parties. A company has to consider not only third-party threats to its internal systems, but also threats to external resources and vendors (e.g., banking institutions, credit card companies, supply chains, etc.). The question is not if your company will experience a third-party attack, but when an attack will occur. It is imperative to consider and mitigate risks while being mindful of the costs and benefits of employing such protective measures.
Internal third-party attacks can be prevented by how your company
chooses to operate, by the safeguards that are in place, and by selecting
quality employees, a topic that will be discussed in a later segment of this
series. For the purposes of this post, I will focus specifically on
safeguards that can be employed to reduce vulnerability to third-party
attacks.
Your company must have a well-designed network structure that can
prevent third-party organizations from gaining access to internal
information. The use of firewall programs can reduce the chances of
these third parties entering the company’s local network. Additionally,
external email filtering services can be used to protect employees from
emails that contain unwanted messages and viruses that, when opened,
can access and corrupt the internal network. Many of these tools can be
purchased through product bundles known as Intrusion Prevention Systems
(IPS) and Intrusion Detection Systems (IDS).
Prevention of an attack is not the only line of defense that your
company needs to address. Consideration should be given to both
detection of an attack and remediation should a breach occur. A
well-implemented IDS can be the best line of defense in detecting
unwanted attacks. IDS applications can detect unauthorized changes in
applications and permission rights violations, and can protect
sensitive files and many other facets of the internal
information technology infrastructure.
Third-party attacks that are external to your organization are much more
difficult to prevent and detect. However, it is prudent to monitor
relationships with vendors to ensure that sensitive information is kept
secure. When selecting new vendors that will handle sensitive data, ask
how the information will remain secure. If they do not provide a
response that is sufficient to mitigate the risk of exposure,
consideration should be given to whether or not use of the vendor is
appropriate.
It is likely that every business will experience a third-party attack.
The question remains, when will it occur? By using tools to aid in the
prevention and detection of these attacks, you can reduce your business’s
risk of intrusion and the associated damages. Unfortunately, these
tools come with a significant price tag, which presents the next
question you must ask: Will implementing these safeguards cost more
than the benefits my company will receive from them? Finally, ask
yourself: Can my business afford to survive these
attacks and the scrutiny from law officials and media if my company
takes no action?