What are digital transactions?
Digital transactions allow individuals and businesses to bank or make payments electronically via the internet. All payments, fund transfers and payee setup are completed online, whether on desktop, mobile or any other electronic device, are considered as eBanking activities. It’s often undertaken on a bank’s dedicated platform or for larger organisations, via a custom eBanking portal, and should be operated alongside stringent cybersecurity measures such as passcodes, authentication and screen timeouts.
The recent surge in remote working paired with widespread digital transformation and the growing sophistication of mobile devices has resulted in the majority of businesses using eBanking for some or all of their internal transactions. eBanking eliminates the need to visit banks, make telephone calls or navigate various disjointed systems to make a payment. In theory, then, it can aid productivity and help channel finance resource to where it can make the most strategic and deliverability impact.
Being able to complete transactions from anywhere also supports business agility and flexibility, and if managed properly, can provide finance leaders with clearer activity visibility. However, eBanking is not without serious risk. Losses associated with online banking fraud are on the rise, while the number of cases that have successfully clawed back money following a theft is plummeting. eBanking losses stemming from mobile devices are also increasing.
The finance industry and finance departments are disproportionately targeted due to their proximity to large sums of money and typically larger average transaction value. Cybercriminals are utilising methods such as phishing, whaling and telephone scams to gain unauthorised access to eBanking accounts to steal money, in addition to exploiting cybersecurity gaps with hacking and malware. Find out how phishing works here or check out our whaling Ask the Expert episode below.
The potential damage:
1. Lacklustre performance
Technology is meant to make things easier but if it’s brought on board without the right training – tailored to skillsets and usage- it can make a job take longer. Colleagues may also make mistakes, and when dealing with fund transfers and payments, this is not a risk any financier wants under their watch. Together with stalled productivity, eBanking has the potential to cost you more money and disrupt a comfortable cash position.
2. Hacking and breaches
eBanking is particularly vulnerable to cybercriminals for obvious reasons. Without cybersecurity and network segmentation, hackers or autonomous malware can rapidly access finances and potentially spider across networks to cause operational outages. Both the immediate event and recovery costs can seriously impact your bottom line and thus stifle growth plans, weaken cashflow position and for those of you large enough, slash points of that share price. With more of us working remotely than ever before, it’s likely that eBanking payments will be made via a mobile or remote device at some point. Too often, maintaining robust cybersecurity on remote devices is the colleague’s responsibility, which means using eBanking on unprotected devices or networks is a worryingly frequent breach source.
Prior to digital transformation and eBanking, there was a physical buffer between us and executing a payment – the bank, a telephone call, etc. Now, it’s not unusual to transfer large sums of money with a few clicks, and often on the mobile devices we associate with leisure. This, paired with non-stop, fast paced working lives, means that continual awareness training is just as important as cybersecurity software.
3. Loss of peer prestige
As an overseeing individual, an eBanking breach event will inevitably have its consequences. At worst, your position could be in question. At best, considerable embarrassment. After all, it implies that teams aren’t adequately trained on procedure or best practice, or that the cybersecurity that could prevent costly breaches has been neglected.
4. Reputational damage
If customer finances or data are compromised or stolen via eBanking channels, it goes without saying that you’ll face a company-wide crisis and large PR cleanup operation. However, even if your customers escape a breach unscathed, they’re likely to question their confidence in you – if you can’t secure your own assets, how can they trust you’ll take care of theirs? It’s critical to mitigate risk by working with IT to reinforce cybersecurity, and marketing to ensure that “trust” is communicated.
Common financial fraud to look out for
How to minimise risk
1. Put a specific person in charge
eBanking tasks are often completed ad-hoc and by various people in an organisation, which can lead to blind spots and poor communication – shadow IT, in essence. To prevent inconsistent or bad practices from exposing the business to unnecessary eBanking risks such as hacking or phishing payments, make somebody responsible. As a finance professional, we know you’ll have eyes on eBanking, but consider assigning a trusted senior colleague to lead reviews, training and compliance checks if you’re not already doing so.
2. Provide continual training
As a senior finance professional, your voice and opinion can speak loudly to colleagues. Consider creating, implementing and leading eBanking best practices (such as phishing awareness, remote device usage and password resets) and become an advocate on the board for continual training and risk assessment. It may be wise to book in regular training sessions with transactional cybersecurity specialists, too.
3. Upgrade your cybersecurity
Begin with a cybersecurity audit to pinpoint all business and eBanking-specific weaknesses, and then implement the best possible software (such as filtering, firewalls, antivirus, authentication and sandboxing) to dispel threats before they can wreak havoc.
4. Consider a dedicated platform or network
In addition to cybersecurity software, you can further enhance the security of your eBanking activities by deploying it on a dedicated cloud platform or at least, on a separate network. This will force users to operate with set protective measures in place and enable safe eBanking even when working remotely. For help setting up a segregated network or private cloud, please feel welcome to contact K3.
For information about how K3 can help you safeguard digital transactions with software and managed services, click here. For more great free cybersecurity resources, visit our Security Surgery. Or to chat with one of our advisors, contact us via email or call us on 0844 579 0800