As discussed in our most recent LinkedIn post, COVID 19 has forced companies to review and amend their operations top to bottom. And whether these changes are temporary or long-term, one thing is certain: the impact on both business and employee culture is permanent.

The best businesses right now are doing two things: 1) finding ways to stay open and 2) evaluating the future. And the best leaders of these businesses understand the value of employee training, especially in times like these: a safe, secure environment creates well-being for employees and customers, which enables more innovation with less interference. Given the current circumstances, employees want to be sure that their employer is looking out for them. The first step in achieving this (while also keeping the cash registers ringing so that your strategic plan has a future) begins with a wholistic understanding of the business risks. That is, surveying.

While traditional consulting and surveying is simply not plausible right now, recent advancements in technology and encrypted video have made virtual surveying a viable option.  For businesses considering a virtual survey, the team at Lowers & Associates has compiled a list of insights and considerations that may be helpful in your discovery process:

• The primary benefit of virtual surveying is that it can be conducted anytime, anywhere. With no travel, virtual surveying is one of the best ways forward-thinking businesses can control costs.
• Virtual surveys are less disruptive to the organization and provide quicker report-in-hand turn around. This can be a massive advantage for organizations pressed for time or with reduced staff capacity.
• Always a collaborative exercise and NEVER the “lesser of two evils,” virtual surveys can often provide deeper insights than those conducted in-person (sometimes business owners feel more at ease with a physical distance between themselves and the surveyor).
• Rapid advances in technology come with a learning curve. Leading risk mitigation consultants should be versed in a suite of technology applications to successfully execute a virtual survey.
• Information is information, right? Sort of.  Asking the right questions matters, knowing how to analyze the answers makes all the difference, and consistency is king.  Virtual or not, surveyors reviewing requested documentation and/or an audio/visual recording of the survey should be able to turn around the same exact results.
• Consistency is key in both business and surveying. Virtual surveyors should be able to hand over responsibilities to another surveyor if one should fall ill or become unavailable. Process can be both a businesses’ arrow and its Achilles Heel!
• Virtual surveying should include an ability to perform the following:
  • Pre- survey meetings
  • Staff competency and interviews
  • Reviews of:
    • Day to day operations
    • Site physical security
    • Insurance
    • Fiduciary Controls
    • Policy & Procedure
    • Vault construction
    • Crime and illegal activity (Local and Countrywide)
  • Facility Design Consultation
  • Follow up consultation meetings

Adaptation is crucial for businesses during this real-time reinvention of the workplace, and for 30 years, Lowers & Associates has pushed the boundaries of technology to keep those workplaces safe (this includes virtual surveying). #OurWork #Together has also always been collaborative, and so we encourage you to view and share the insights, stories and applicable tips that our team has been publishing at the Lowers & Associates LinkedIn page. If you have any questions, please contact us.

It’s hard to imagine that, on any given day, over $3 trillion dollars moves via electronic transfer.  Financial institutions make these B2B transactions happen seamlessly on a global scale, and we often take for granted the very simple instructions required (and accepted) between businesses that make single transactions of millions of dollars possible.  Since organizations perform these transactions almost exclusively online, the Internet of things has an inherit opportunity for malicious redirection when company employees become complacent with routine wire instructions.

Responsible organizations follow robust, documented and accepted practices in an environment that embraces process.  The culture of any high reliability organization allows employee intervention and systematic controls to prevent fraud opportunities.  It may feel as if these processes are tedious and repetitive, however, at the end of the day, human actions allow fraud to exist.

Since 2016, it’s estimated that over $26 billion in fraud losses has come from wire funds transfers as the result of business email compromise alone.  With the recent COVID-19 pandemic event, fraudsters have a new ability to exploit corporations, especially in highly impacted areas.  It is important for organizations to maintain a culture of process and have contingency plans in place to allow transfers to continue seamlessly.

On the Lowers & Associates LinkedIn, we’ll be highlighting a series of security insights that are applicable to ANY industry (the second bullet below should look familiar).  Specific to wire transfer fraud, here are a few additional actions employers can take to remove risk and eliminate potential for loss:

• Strengthen screening and re-screening employment practices.
• Integrate and document responsibilities of all parties authorized in dual controls into processes involving preparation of wire transfer instructions and authorizing and approving such transfers.
• Ensure there is independent and frequent review of investment transactions by a knowledgeable party.
• Conduct semi-annual audits of the wire transfer function. Ensure auditors review password requirements and controls during each examination.
• Conduct annual penetration tests and annual security audits of web-based wire transfer applications that are hosted by the company or by a third-party application service provider.

BONUS: These are a few additional steps that businesses should think about adopting:

• Email social engineering education.
• Passwords should be at least 14 characters, must be complex (at least 1 of each): 1 Uppercase, 1 Lowercase, 1 Number, 1 Symbol and changed every 90 days.
• Two-factor identification.
• Appropriate insurance coverage for the business.
• Monitor banking accounts regularly.