Protecting Your ASC From 'Invoice Fraud': 7 Best Practices
There's a growing cybersecurity threat facing ASCs and all businesses. Invoice fraud, also known as business email compromise (BEC) or supplier invoice fraud, is a sophisticated scam where cybercriminals attempt to trick staff members within an organization into making payments to fraudulent accounts. These attackers often use social engineering techniques, forged emails, or compromised accounts to impersonate trusted vendors, customers, or even fellow internal personnel to manipulate victims into transferring funds to the wrong bank accounts.
To help protect your ASC and its financial interests, follow these seven best practices.
1. Verify all payment requests. Always verify payment requests, especially if there are changes in account details, payment amounts, or unusual payment methods. Reach out to known contacts through verified phone numbers or in-person meetings before proceeding with any fund transfers.
2. Use secure communication channels. Ensure that sensitive financial information, such as account numbers and payment instructions, is shared only through secure communication channels. Avoid discussing or sending payment details via "regular" email. Instead, use encrypted emails or encrypted communication platforms.
3. Implement strong authentication. Strengthen the security of your email accounts and other relevant systems with multi-factor authentication (MFA). MFA adds an extra layer of protection, making it more difficult for unauthorized individuals to access your accounts.
4. Educate employees. Conduct regular training sessions to raise awareness among your employees about invoice fraud and other phishing scams. Teach them how to recognize suspicious emails, requests for sensitive information, and potential social engineering tactics.
5. Enact strict approval processes. Establish a clear and robust approval process for financial transactions, especially for large payments or changes in payment details. This process should involve multiple parties to validate the authenticity of the request.
6. Maintain updated contact lists. Keep a current list of trusted vendors and suppliers and their legitimate contact information. Ensure your employees are using the correct contact details when communicating about financial matters.
7. Monitor and report. Regularly monitor your financial accounts for any suspicious activity. If you suspect any fraudulent attempts or encounter a potential scam, report it immediately to your IT and/or security team.
Always Keep Your Guard Up
At Surgical Notes, we take security seriously and strive to protect our clients from potential threats. We hold the gold standard (SOC 2 Type II) for data security. Our systems achieve the highest levels of security, reliability and scalability, providing confidence in and transparency into our operations, processes, and results. However, successful security requires a partnership. It is crucial that our clients — and all ASCs — remain vigilant and proactive in safeguarding their business interests.