The email seemed innocuous enough. It appears to come from a long-established vendor who merely sent an updated service invoice, attached as a Word document. However, as if often the case, mere appearances are deceiving. Clicking on this email would have actually provide an opening for into the computer and the wider company network with malicious software - malware - specifically designed to sniff out usernames and passwords. This type of cyberattack can potentially wreak havoc far beyond the finance department, possibly all the way to an employee or customer's (personal) computer network. Indeed, the rise in attacks targeting financial data has become a nightmare for businesses and CPAs alike.
In this case the accounts payable team was smart enough to smell the phishing attack and not open the document, instead checking with the vendor whose email system had indeed been hacked. The breach was averted.
Unfortunately, this is but one example of many how accounts payable teams and their colleagues are exposed to technology-savvy hackers and cyber risks on an almost daily basis. With accounts payable fraud becoming more rampant, even more so now due to the fact that many firms had to switch gears during the pandemic and rely on remote working arrangements, solutions for accounting and technology are more important than ever before.
When market researcher Ardent Partners surveyed the landscape for its annual report “State of ePayables 2021” , they discovered that almost four out of ten of companies had been targeted by a fraud attack in 2020:
“The pandemic’s main impact on physical mobility and fewer face-to-face interactions led to a decreased reliance on paper invoices and checks and wider usage of digital and electronic payments. The unfortunate downside is that fewer in-person meetings and negotiations may have opened the door for B2B payment fraud. Conducting more business outside of the office and operating as virtual teams translated into greater IT and data security risks.”
Increasing cybersecurity and protecting the finance function has therefore become a top priority for organizations large and small as they become accustomed to a new normal for hybrid work. Getting there involves more than just battening down the hatches to prevent unauthorized network access and relying on closer scrutiny of permissions. Classic IT security is all about data security and defending the network against external and internal malfeasance.
Yet investing in a stand-alone network security system or even hiring a cyber security specialist is not sufficient to ward off the risks and threats facing the finance function. You can think of it as a much-needed moat, the first and essential line of defense to protect your castle of IT infrastructure, whether it runs on premises or - as is increasingly the case - in the cloud.
A moat only gets you so far, though, if the problems are located inside the organization, such through faulty processes, lax workflow rules, technically clean but error-ridden files, or even employees working with outsiders. The smarter way to protect your operations and cash position calls for an accounting management system that natively includes many accounting cyber security features.
Here’s how Ardent Partners summarizes the task at hand:
“Cyber-criminals have become more brazen (and more technologically advanced) since the pandemic began, resulting in billions of dollars of fraudulent payments and activity over the past sixteen months. Businesses must pump resources, time, and energy into how to not only prevent payment fraud, but also develop a program in which potential issues can be mitigated before they escalate into a full-blown fraud crisis. AP can play an important role in leading this conversation.”
Oftentimes, it’s not even a malevolent attack but a string of errors, mistakes, and omissions that can cost you dearly. All areas that classic IT security and firewalls won't catch and, while not a cyber-attack can have a similar negative effect.
For example, let’s say a professional fraudster poses as a client or supplier and contacts the AP team to update their bank account information with a false one in order to siphon off a legitimate payment. Or an invoice for $12,000 is really only for goods worth $1,200, simply because a clerk somewhere, somehow accidentally mistyped the amount due. Finally, how about a vendor who gets impatient or is waiting on an update and decides to submit the same invoice twice, albeit with a slightly different invoice number while all other details remain the same.
Overworked or distracted staff that are opening envelopes and attachments and then keying in the information might let all of those real-world examples slip through the cracks and route the invoices for approval. Even an individual accountant can miss this type of errors in a mountain of paperwork. Regardless, if the mistakes are not caught, it can mean money down the drain, time-consuming follow-up research and correspondence to hopefully recover the funds.
An automated system will easily ferret out all of those exceptions, flag them as suspicious, and escalate their review to a human set of eyes. It’s a state-of-the-art approach to maximize accounting cyber security as well as save time and money.
There are three key ingredients to a platform that’s secure, speedy and scalable to adapt to your business needs:
DigitizationThat’s the process of converting any type of document and data into a structured format for further processing. It enables an organization to go paperless and no longer worry about misplacing or losing documents containing sensitive information that could land in the wrong hands. Dumpster divers, in other words, will come up empty-handed.
Big DataA cloud-based platform will securely index and store large amounts of data extracted from invoices, POs and other documents. A system such as Yooz is capable of doing this at high speed and in real-time. The result is improved visibility throughout the invoice processing and payment workflow, enabling all parties involved to keep track of where an invoice or document is.
Machine Learning (ML)This subset of artificial intelligence uses all the data fed to the system to automatically learn and improve your business processes with little to no human intervention. Ideally, you’ll arrive at straight-through processing and see drastically fewer exceptions. Since a cloud-based ML platform has seen invoices in the millions submitted by tens of thousands of vendors, it acts as a security gateway and excels at detecting unusual patterns and flag a transaction as potentially fraudulent.
Let’s quickly summarize the tangible ways how an investment in cutting-edge accounting cyber security improves your processes and saves time and money:
A platform such as Yooz deploys frequency analysis to compare outstanding amounts against usage history.
It automatically recognizes potential duplicate invoices and/or payments.
Robotic process automation lets a business establish airtight internal rules for invoice review, approval and payment.
It makes traceability easy by identifying fraud attempts and keeps detailed logs on who accessed what documents.
It will automatically alert the AP team when vendor bank details change and identify forged documents.
There are many steps along the entire purchase to payment workflow where intelligent AP automation will increase accounting cyber security without forcing a business to significantly change its processes. As mentioned above, data security starts right at the beginning with quick invoice capture and three-way matching of invoices to their corresponding purchase orders and notes of goods received.
Next, a smart automated system will compare the information extracted from a document with what’s on file, for instance company address, bank account, and contact information. That’s why a fraudster trying to slip in a new bank account would immediately raise a red flag. When in doubt, a human line of defense comes into play. All invoices marked as problematic will be routed to AP experts who now have enough free time to focus on the tasks where their experience matters most.
Intelligent AP automation also raises the bar for initiating payments. Even if an invoice has passed muster and is ready to be set up for payment, the system will perform one more round of additional security checks, considering metrics such as payment volume and velocity.
Investing in AP automation makes AI-powered risk management an almost invisible feature of your back-office operations. Isn't it time to fortify the network security moat with a strong second line of defense against errors and bad actors?