Is Your Remote Team Sufficiently Cyber-Security Savvy? - Financial Operations Network
Hackers are working full time, and with your team working from home, you face greater risk. Cyber-criminals study human behavior and are good at manipulation.
cyber security, accounts payable, remote workers, phishing, internal controls
19797
post-template-default,single,single-post,postid-19797,single-format-standard,ajax_fade,page_not_loaded,,qode_grid_1300,footer_responsive_adv,hide_top_bar_on_mobile_header,qode-theme-ver-16.8,qode-theme-bridge,qode_header_in_grid,wpb-js-composer js-comp-ver-6.4.1,vc_non_responsive
 

Is Your Remote Team Sufficiently Cyber-Security Savvy?

Is Your Remote Team Sufficiently Cyber-Security Savvy?

Someone is out to get you.

Hackers are working full time. And with your team working from home now, you face greater risk. Cyber-criminals are constantly working to find soft spots or weak links in your organization to exploit. And hackers study human behavior and are good at manipulation.

When everyone first started working from home, their organizations addressed security items like VPNs, Wi-Fi security, bolstered passwords and multi-factor authentication.

But even if those ducks are lined up, there is a key vulnerability that remains: people.

Employees working at home must be alert and cautious to maintain security. Fraudsters employing social-engineered cyber-attacks seek to exploit fear, uncertainty and doubt. People under stress make a good target.

The bad guys use common tools to break into systems: email, text messaging and phone calls. As the pandemic spread and the remote working environment was hurriedly set up, attacks that referenced COVID-19 leapt way up. (We are now halfway through autumn, and COVID-19 is on the rise again.)

But not all attempts to breach security fly a COVID flag. The common pre-pandemic techniques still work. You might get an email that looks like an internal system-generated notification of a voicemail. It includes a link to access the message. If your company has set up VOIP, you might more readily fall for it, though even without VOIP, you might be tempted.

Or maybe you receive a phone call indicating there’s been a breach of your cell phone or computer, and you are instructed to press “1” for help.

Perhaps you receive an email from the boss. The message sounds very nearly like something the boss might write. You might act on it without giving it a second thought. Don’t. You could be very sorry.

Attacks

The perpetrators employ a variety of types of phishing. There is vishing, which is phishing via phone (voice). Then there is smishing, in which you receive a text (SMS) asking you to reply with information or to click a link. (Click here for a good primer on phishing.)

Phishing, of course, is an email appearing to be from a trusted entity. It is somewhat non-specific, meaning it targets a broad number of users (though may still include your name in the greeting). Spear phishing is more sophisticated, aimed at a particular organization or individual, using specific information found online. Whaling takes spear phishing to the next level, targeting higher-level personnel and appearing to come from the CEO, CFO, president, etc.

These various messages attempt to get you to provide information to them, or they are a “trojan horse” loading malware onto your computer. They urge you to click on a link or download a document. Once you’ve clicked or opened the document, the malware is in.

Consider that as you and your staff work from home, you might take a break and check Facebook, where you receive a message that appears to be from a friend. It says, “Hey, is this you in this video?” You click the link to see whether you do appear in the video. But the message is not from your friend–their Facebook account was hacked. And any time you click on a link it could result in downloading malware to your computer.

Defense

The first defense is to pause. Pausing to look more closely enables you to spot suspicious messages.

Sometimes the grammar or punctuation in a message gives it away. Other times it is less obvious. Mimicking large organizations is not hard. The hackers cut-and-paste a logo and copy the organization’s layout and fonts. But does the message sound correct?

If it appears to be from someone you work with, would the person write that way or ask you to do that? Does it seem a little “off?”

Before you do anything else, check the “from” line – not the name but the email address. It may be the reputable company’s name and logo, or even the boss’s name, but the actual email address is wrong.

Hover over, but do NOT click the link. What URL appears?  Is it that reputable company’s URL, or is it something else—maybe a lot of numbers and letters?

Robo-calls might seem transparent, yet people fall for them. Whatever the alarming message, Do NOT press “1.” If you think there may be a real issue, independently look up and contact the organization to inquire.

Not all dangerous phone calls are the robot kind. A few of the more famous hacks occurred when the hackers, unable to find out the right code or password to get past a security level, called someone in the organization who very helpfully gave it to them!

Mike Rose, Security Engineer at White Ops, a cyber-security concern, identifies these elements of a good defensive strategy:

  • Keep an eye on the news – know what’s out there
  • Update your operating system regularly
  • Don’t open attachments or links
  • Enable firewalls
  • Avoid answering unknown calls
  • Regularly backup your devices
  • Contact the real sender

 

Semper Vigilans

Generally, accounts payable people are accustomed to taking a skeptical stance. Their job is guarding the company’s cash. That skepticism serves them well. But attacks that appeal to fear, as in a false report that an account has been hacked or compromised, can fool us. Likewise, our desire to be helpful, or our anxiousness to support the finance director or CFO, can cause us to drop our guard.

So, beware. Remind your team to stay alert. When they see something “not quite right,” pause, check. Have them contact you or the appropriate person in IT. Cyber security experts at Heimdal Security recommend the following to protect your organization:

  • Review and limit access controls and admin rights to the appropriate staff
  • Hold cybersecurity training sessions
  • Perform staff exercises and testing
  • Plan incident management, not just prevention

Be vigilant!

InvoiceInfo and VendorInfo provide safe, secure vendor communications. To learn more, contact us.



Stop Calls and Emails, Enhance
Service and Increase Profit!

InvoiceInfo saves labor hours and cost by helping suppliers and internal staff easily and instantly get answers online to their invoice-payment questions.

If you are like many finance leaders today, you are being challenged to reduce costs more quickly. InvoiceInfo delivers real bottom-line results almost immediately, allowing you to deploy your customer service staff to focus on more productive, bottom-line oriented tasks.

Let us show you how InvoiceInfo's vendor self-service portal can help your organization eliminate invoice inquiry emails and calls while enhancing service to your accounts payable customers.

VIEW ALL BENEFITS
close-link

Get Up and Running Quickly and Seamlessly

InvoiceInfo and VendorInfo are standalone applications that can be up and running in as little as two weeks, with little or no IT resources required.

The faster your online portal is up and running, the sooner you will start reaping the benefits. InvoiceInfo and VendorInfo are dedicated solely to helping AP and procurement departments slash the time and expense of servicing vendors, while improving customer service for their suppliers.

InvoiceInfo and VendorInfo are simple solutions with big results. They are easy to implement and easy to use. Here’s how one customer described the process: “You give vendors a URL, provide instructions about what they need to know and tell them to go use it.” It really is that easy.

VIEW ALL BENEFITS
close-link

Improve Productivity with a Self-Service Solution

For most organizations, deploying a technology solution is a significant investment, and like most investments, the decision point ultimately comes down to the expected return on that investment.

According to a recent benchmark study by The Accounts Payable Network, 60% of AP customer service calls are from vendors while 40% are from internal customers. Vendor issues actually make up even more of the AP call volume than the 60% identified. Many times when a vendor has an issue, the vendor contacts their buyer or purchasing representative, who in turn contacts AP. Even though the call comes from an internal customer, the question originated with the vendor.

Vendor calls affect productivity in your organization exponentially. When vendors call the requisitioner, they are affecting that person’s productivity. Your internal customer’s productivity shrinks when fielding the vendor’s call and again when making the follow up call to AP and getting back to the vendor. Finally, AP’s productivity suffers as a result of the internal customer’s call, the payment status research and the follow-up communication.

With a minimal investment of IT time and talent, you can start reducing customer service calls and expense in a matter of weeks. In addition, you improve vendor relations since you are giving your vendors what they want — answers to their questions immediately — a win-win for everyone involved!

VIEW ALL BENEFITS
close-link

Easy and Economical Solution to Serve Vendors Around the World

InvoiceInfo can help you provide best-in-class customer service to your vendors around the world at a fraction of the cost.

Many organizations today have offices and operations throughout the world and are dealing with many time zones, different languages, and in some cases multiple ERP systems. InvoiceInfo currently supports different languages and can easily work with multiple ERP systems in different locations.

The key to good customer service is to provide the information that the customer wants when they want it. Whether your customer is a vendor waiting for a payment or a colleague that needs information on payment status, they want their information right away. If your organization has vendors and offices in other countries, they can be challenging and expensive to serve. But, with InvoiceInfo, your international vendors and internal customers can access the information they need when they need it.

With InvoiceInfo, you won’t have to staff your customer service team with 24-hour coverage in multiple languages to provide high-quality customer service around the world.

VIEW ALL BENEFITS
close-link

Enhance AP’s Role As a Strategic Partner

Learn how InvoiceInfo can help AP do more with less while continuously improving productivity and bottom-line results.

Many automation technologies such as scanning, workflow, e-invoicing, ACH, and electronic invoicing require significant investments of money, time and talent, making it difficult to get buy-in from upper management. Not InvoiceInfo!

If your goal for your AP department is to reduce costs quickly, call or email us today to learn more about how InvoiceInfo can help you achieve this goal through a quick, inexpensive and easy implementation of a vendor self-service portal.

VIEW ALL BENEFITS
close-link

Enhance Vendor Relationships

InvoiceInfo helps suppliers’ AR departments with simple and convenient access to invoice payment status online at a cost savings for all involved.

It may seem that the organization paying the vendor should hold all the cards in the relationship. But sometimes the opposite is true. Past-due payments and customer service perceptions can harm supplier relationships and disrupt the supply chain.

Your vendors and vendor relationship managers are living in a dynamic, fast-paced environment, so when invoice information is required, it is needed quickly and expected to be of high quality. With InvoiceInfo, your suppliers get answers to invoice inquiries real time, 24/7 with no need to leave messages and wait for responses. Studies show that confidence in data increases when suppliers access invoice and payment information themselves.

VIEW ALL BENEFITS
close-link

Give Procurement and Buyers the Tool They
Need to Respond to Vendors Quickly

Not only can InvoiceInfo be used by suppliers to learn the status of invoice payments, it can also be used internally within your organization.

In addition to reducing calls from vendors regarding invoice status, you can also reduce internal emails and calls from co-workers wanting to learn the status of invoice payment, and save time and effort and boost efficiency and productivity across the organization. Studies show that 40% of AP customer service calls are from internal customers. Many of these are from requisitioners who have received calls or emails from the supplier checking on payment status. These calls are often more expensive for the company because the internal staff member has taken the call or received an email from the supplier, contacted AP for the payment status and had to return the call or email the supplier.

By providing the vendor with a convenient and credible online option to get the answers it needs regarding payment status, you can eliminate multiple calls/emails between the vendor and the requisitioner saving time and money.

VIEW ALL BENEFITS
close-link

Eliminate Difficult Vendor Calls and See
Productivity and Staff Morale Soar

Reduce invoice payment inquiries and “promote” your vendor service team to more satisfying and profit-producing tasks.

By sharply reducing inbound calls and emails regarding receipt and payment status that your AP staff must handle individually, your staff can focus their efforts on more productive, cost-saving activities, learn new tasks, feel more confident and boost their careers.

According to a recent American Express survey on customer service, more than one-third of consumers have lost their temper with a customer service professional in the past year. Of those who lost their temper, three in ten “hung up the phone.” Your staff will no longer have to deal with difficult collectors who can be upsetting and disruptive. Your staff will feel that their time and talents are being put to better use and will feel better about themselves, their jobs and their organization. Reducing these calls can be a real productivity and morale booster for your AP department!

VIEW ALL BENEFITS
close-link

Simplify and Streamline Vendor Onboarding

According to Price Waterhouse Coopers, the average organization spends about $20 in labor to file each paper document, approximately $120 in labor searching for each misfiled document and $220 in re-creation of a document.

Wouldn’t it be great to have all your W-9’s, W-8’s and other registration documents completed online and instantly filed online for easy access when needed? With Vendor Self-Service Onboarding Module, VendorInfo, you can onboard your new vendors in one convenient location and eliminate paperwork and hassles.

VIEW ALL BENEFITS
close-link


Verify the Accuracy of Vendor Information and Stay in Compliance with IRS and Treasury Department Regulations

Government regulators are increasing the complexity of regulations and penalties associated with vendor-related non-compliance.

Penalties for incorrect 1099’s have more than doubled in recent years. Over the last several years, OFAC has levied more than $1 billion in fines against American companies or subsidiaries that did business with restricted businesses, organizations and individuals on its SDN list. In addition to fining these companies, the Treasury Department posts the names of infringing organizations along with fines paid.

VendorInfo Onboarding Module verifies the accuracy of vendor information and helps protect your organization by avoiding embarrassing penalties and fines.

VIEW ALL BENEFITS
close-link
Book Your Live Demo

BOOK DEMO