Business desktop with a laptop and calculator.

Understanding Cybersecurity and Treasury Management: Essential Insights for Business Owners

In today’s rapidly evolving digital landscape, cybersecurity and treasury management have become critical areas of focus for business owners. As cyber threats become increasingly sophisticated, and financial fraud continues to rise, understanding these trends is vital for safeguarding business assets and ensuring financial stability.

This article highlights key insights from a recent discussion between Jeff Luczak and Michael Senkbeil on these topics. Jeff leads the Cash Management Department at Landmark Credit Union. Michael leads our Managed IT Service team at Chortek. This synopsis of their discussion delves into the latest insights and practical strategies for protecting your business from cyber risks and managing financial fraud effectively.

Introduction to cybersecurity and treasury management

Cybersecurity is a dynamic field that requires constant vigilance and adaptation. With the increasing sophistication of cyber threats, businesses must implement comprehensive strategies to protect their digital assets and financial operations. On the other hand, Treasury management involves overseeing a company’s financial health, including cash flow, investments, and risk management. Together, these disciplines form the backbone of a secure and financially stable business.

The financial impact of cyber crimes

The Identity Theft Resource Center’s 2023 Business Impact Report provides a stark reminder of the financial impact of cyber crimes. According to the report, 47% of cyber attacks result in less than $250,000 in financial losses. While this might seem manageable, few businesses can afford such a loss without significant repercussions. The financial impact extends beyond direct losses, often leading to reputational damage, legal fees, and recovery costs that can cripple a business.

Emerging cyber threats and their sources

Cyber threats are evolving, with new forms of attacks emerging regularly. Traditional external hacking remains a significant threat, but the landscape has diversified to include malicious insiders and third-party vendors. The rise of remote work has further complicated the security environment, requiring businesses to defend their central infrastructure and numerous endpoints.

External hackers

External hackers remain a significant threat, exploiting vulnerabilities in company networks. These attacks often originate from international sources, making it difficult for U.S. law enforcement to intervene (unless the financial losses are substantial). To protect themselves, businesses must focus on prevention and recovery strategies, including cyber insurance, to mitigate potential damages.

The rise of remote work

The shift towards remote work has dramatically changed the cybersecurity landscape. Employees using home networks and personal devices can create weak points that hackers exploit. Businesses can no longer rely solely on robust firewalls and antivirus software for in-office environments. Instead, there is a growing need to secure endpoints — the devices employees use to access company networks. This includes implementing comprehensive defense strategies that cover all possible points of entry for cyber threats.

Malicious insiders

Internal threats, or malicious insiders, are also a growing concern. Employees with access to sensitive information can intentionally or unintentionally compromise security. Effective internal controls and regular monitoring are essential to detect and prevent insider threats.

The role of third-party vendors

Third-party vendors pose a unique challenge in cybersecurity. These vendors often rely on a supply chain of software and services, each of which can introduce vulnerabilities. Recent incidents, such as the malicious code slipped into the open-source Linux software, highlight the risks associated with third-party software. Businesses must ensure all software and service providers comply with your security standards. Conduct regular assessments of third-party security practices and maintain a supply chain management strategy to mitigate risks associated with external partners.

Key cybersecurity measures for businesses

To defend against the diverse range of cyber threats, businesses must adopt a holistic approach to cybersecurity. This includes implementing multiple layers of protection, known as defense in depth, and staying vigilant about emerging threats.

Critical cybersecurity action items

  1. Endpoint security: Protect all devices connected to the business network, including laptops, smartphones, and IoT devices.
  2. Network security: Maintain firewalls, intrusion detection systems, and secure network protocols.
  3. Access control: Restrict access to sensitive information and systems based on user roles and responsibilities.
  4. Employee security awareness training: Educate employees about phishing, social engineering, and other common cyber threats.
  5. Regular Updates and Patches: Ensure all software and systems are up-to-date with the latest security patches.
  6. Incident Response Plan: Develop a clear plan for responding to security breaches, including steps for containment, eradication, and recovery.

The role of continuous monitoring

Continuous monitoring of network traffic and system activity helps identify and respond to potential threats in real time. This proactive approach allows businesses to detect suspicious activities early and take corrective actions before significant damage occurs. A key tool that performs this function is “endpoint detection and response” software.

Treasury management and fraud prevention

In addition to cybersecurity, treasury management plays a crucial role in protecting business assets from financial fraud. Business owners must remain vigilant against various types of fraud schemes, including check fraud, business email compromise, internal embezzlement, and account takeover.

Common fraud schemes and mitigation strategies

Fraud in treasury management can take many forms, from low-tech check fraud to sophisticated account takeovers. Here are some of the most prevalent schemes:

  1. Check Fraud: This low-tech fraud involves creating or altering checks. To mitigate check fraud, businesses should:
    • Use check positive pay and account reconciliation.
    • Avoid placing checks in mailboxes with the red flag up.
    • Monitor accounts regularly for suspicious activity.
  2. Business Email Compromise (BEC): Fraudsters often impersonate legitimate business contacts to trick employees into transferring funds or sharing sensitive information. Mitigation strategies include:
    • Training employees to recognize phishing attempts.
    • Implementing email authentication protocols.
    • Verifying requests for fund transfers through multiple channels.
  3. Internal Embezzlement: Internal threats involve employees misappropriating company funds. To prevent this, businesses should:
    • Implement strong internal controls and segregation of duties.
    • Conduct regular audits and reviews of financial transactions.
    • Use automated systems to track and report financial activities.
  4. Account Takeover: This high-tech fraud involves unauthorized access to business accounts. Prevention measures include:
    • Enforcing strong password policies and multi-factor authentication.
    • Monitoring account activity for unusual transactions.
    • Educating employees about secure account management practices.

The importance of timely detection and response

Prompt detection and response are critical in mitigating the impact of financial fraud. Businesses should establish clear protocols for reporting and addressing suspicious activities. Engaging with financial institutions and law enforcement agencies can also help recover lost funds and prevent further incidents.

The value of cyber insurance

Cyber insurance has become an essential component of a comprehensive cybersecurity strategy. It provides a safety net, covering the costs associated with cyber incidents, including legal fees, notification costs, and recovery expenses. However, obtaining cyber insurance is not a substitute for implementing robust security measures. Insurers often require businesses to adopt specific controls and best practices to qualify for coverage, which in turn enhances overall security posture.

Understanding cyber insurance policies

It’s crucial for business owners to understand the limitations and coverage details of their cyber insurance policies. Not all incidents may be covered, and there can be significant exclusions. A thorough understanding of the policy terms helps ensure that businesses are adequately protected and can respond effectively in the event of a cyber incident.

Conclusion

In an era of increasing cyber threats and complex financial operations, businesses must adopt a proactive and comprehensive approach to cybersecurity and treasury management. By staying informed about the latest trends and implementing best practices, business owners can safeguard their assets and ensure long-term stability and success. Regularly update your strategies, invest in employee training, and consider cyber insurance as part of a multi-layered defense system. Together, these measures will help protect your business from the ever-evolving landscape of cyber threats and financial fraud.

About the authors

Jeff Luczak, Landmark Credit Union

Jeff has been with Landmark Credit Union for three years and has over 20 years of experience in the banking industry, including more than 15 years in Cash Management and Treasury Management. He started the Cash Management department at Landmark and has steadily grown the member base as well as his team. Under his leadership, the Cash Management Team has adopted new products and services to better serve business members.

Michael Senkbeil, Chortek

Michael joined Chortek in 1997 and is the partner in charge of managed IT services. His expertise lies in providing management advice in IT operations, cybersecurity, and cloud strategy. One of his favorite parts of the job is earning the trust of business owners and managers and making IT function as a business asset rather than solely a necessary expense. He enjoys getting feedback from clients who see the noticeable benefits in increased efficiency and stability of their systems thanks to Chortek’s flat-rate managed IT offering.