Hands typing on a laptop with symbols that indicate phases of incident response management

Be Prepared: Incident Response Plans (IRPs)

Fighting fraud by preparing your business with formal response plans 

Leaders in cyber fraud protection will say that it is not a matter of “if” you will be a target of fraud, but “when.” For this reason, it is important to have plans in place for what your business will do when dealing with an incident. Best practices recommend robust education and training, as well as having a formally written and regularly updated Incident Response Plan (IRP). As you build your company’s plan, consider the following details:

Education

The best response is prevention. Organizations can greatly reduce the odds of a successful fraud attack by diligently educating employees, clients, and vendors to identify it and respond appropriately. Regularly communicating with clients and vendors about fraud trends, and being clear about your legitimate methods of payment and transferring funds, helps keep those interactions above board.

Training every employee is a foundational policy for any organization. Employees should understand how to recognize phishing attempts, how to choose a strong password, and what to do if they suspect a security breach. The best training programs are revisited regularly and updated at least once a year.

Immediate Action

In the event of a fraud attack, every minute counts. Any threat or sign of irregular behavior on your network should be taken seriously and acted upon quickly — no matter the time of day.

At a recent fraud seminar hosted by First Financial Bank, a Secret Service agent panelist mentioned that timing is often a key tactic of fraudsters. Criminals will wait until Friday evening to attack, knowing that it may go undetected or unresolved until Monday, giving more time to cause damage.

While no one wants to interrupt a weekend or holiday, the moment suspicious activity is detected, it is imperative to isolate the threat.

1. Disconnect any impacted programs or devices from your network to prevent spread.

2. Scan your entire system to check for other compromised areas.

3. Contact your banker and local law enforcement so that investigations can begin quickly. It is also recommended that you contact the FBI, as they maintain records of cybercrime patterns and trends to try to predict attacks and prevent them.

The faster the right people get the necessary information, the more likely they are to recover losses and catch criminals.

Roles & Responsibilities

Clearly defining roles and responsibilities in advance will help you to act quickly and reduce loss. It’s great to write out a plan with steps like “Disconnect impacted programs,” “Scan systems” and “Contact your banker,” but those steps are not as useful if no one knows who will complete them. Who submits the reports? Who ensures that follow-up training is completed? Who collects the data about what was impacted or the size of the losses?

These role definitions should be part of your employee education program. Regularly review possible scenarios with your team and define expectations according to each employee’s role. This keeps investigations and loss recovery from stalling because a task had no owner.
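The steps under Immediate Action and the ownership questions above can be checked mechanically before an incident happens. The following is an added example, not part of the original article or of First Financial Bank’s own plan: it models a plan as steps with an owner role, a backup role and a named contact per role, then lints the plan for steps whose owner is undefined, contacts with no out-of-hours phone, steps where owner and backup are the same person, and a plan that has not been reviewed within a year. All role names, contact names and phone numbers are constructed placeholders.

```python
"""Lint an Incident Response Plan so every step has a reachable owner
and backup, and the plan itself is not stale.

Added example for this article; the plan structure, role names and
contact details below are constructed placeholders, not a real plan or
real phone numbers."""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Contact:
    name: str
    phone: str          # out-of-hours number; empty string means "none on file"


@dataclass
class Step:
    action: str
    owner: str          # role name, must map to a Contact in the plan
    backup: str         # second role that acts if the owner is unreachable
    deadline_minutes: int   # target time from detection to completion


@dataclass
class IncidentResponsePlan:
    steps: list
    roles: dict         # role name -> Contact
    last_reviewed: date


def lint_plan(plan, today, max_age_days=365):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    age = today - plan.last_reviewed
    if age > timedelta(days=max_age_days):
        findings.append(f"plan last reviewed {age.days} days ago; review at least annually")
    for number, step in enumerate(plan.steps, start=1):
        if step.owner == step.backup:
            findings.append(f"step {number} ({step.action}): owner and backup are the same role")
        for label, role in (("owner", step.owner), ("backup", step.backup)):
            contact = plan.roles.get(role)
            if contact is None:
                findings.append(f"step {number} ({step.action}): {label} role '{role}' has no named contact")
            elif not contact.phone:
                findings.append(f"step {number} ({step.action}): {label} '{contact.name}' has no out-of-hours phone")
    return findings


def sample_plan():
    """Constructed sample: the article's steps with illustrative owners and deliberate gaps."""
    roles = {
        "IT Lead": Contact("A. Example", "555-0100"),
        "Controller": Contact("B. Example", "555-0101"),
        "Security Analyst": Contact("C. Example", ""),     # gap: no phone on file
        "HR Lead": Contact("D. Example", "555-0103"),
    }
    steps = [
        Step("Disconnect impacted programs or devices", "IT Lead", "Security Analyst", 15),
        Step("Scan systems for other compromised areas", "Security Analyst", "IT Lead", 120),
        Step("Contact banker and local law enforcement", "Controller", "IT Lead", 60),
        Step("Contact the FBI", "Controller", "Controller", 60),            # gap: no real backup
        Step("Collect data on impact and size of losses", "Controller", "IT Lead", 240),
        Step("Submit reports", "Compliance Officer", "Controller", 1440),   # gap: role undefined
        Step("Schedule follow-up training", "HR Lead", "Controller", 10080),
    ]
    return IncidentResponsePlan(steps, roles, last_reviewed=date(2022, 1, 15))


if __name__ == "__main__":
    for finding in lint_plan(sample_plan(), today=date.today()):
        print("FINDING:", finding)
```

Run it as a scheduled check (for example from the same job that reminds you of the annual review) and treat any finding as a plan defect to fix before it is needed, in the same way a failing test blocks a release.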

Tailored Training

Requiring general fraud education for everyone in your company is important, but tailored training is even better. If someone fails a test, follow-up training specific to the topic should be mandatory. Additionally, training can be customized to a person’s role, based on the responsibilities that have been formally described.

At the recent fraud seminar, panelist Carly Devlin, Chief Information Security Officer at Clark Schaefer Hackett, explained, “The Financial department, the IT team, or the C-suite…they will be targeted differently.”

For example, a marketing team likely does not need much training on wire fraud trends, as they do not wire funds often. A commercial banking team, however, should receive focused training about how to avoid wire transfer fraud. Both teams use email, however, so both should be highly aware of phishing trends.

First Financial Bank’s Chief Information Security Officer, Lance Murray, noted that an assistant can fail a phishing test on behalf of a C-suite leader. “Anyone who has proxy access to someone’s email is a potential vulnerability,” Murray declared.

Training is most effective when it appropriately educates employees about the kinds of attacks they are most likely to see and how to avoid falling for them.

Conclusion

To protect your business, take the time to build a formal Incident Response Plan. Make sure to include education, roles and responsibilities, and plans of action. If it all seems overwhelming, start small and add to it incrementally as you gain confidence and comfort in your program. The best fraud prevention is preparation, so be prepared.

If you suspect you've been targeted by fraud, call the First Financial Bank Business Support Center (BSC) at 866.604.7964. Explore tips and information on how to prepare and protect yourself on our Commercial Fraud and Online Safety Resource Hub.