Safeguarding the Kingdom: Avoid Being a Target for Cyberfraud
With the Internet becoming a common business tool, middle-market companies are increasingly seen as ripe targets for cyberfraud.
Company leaders must realize that while customers and employees enjoy the ease of transferring funds, taking orders, and making payments online, the use — or misuse — of the Internet can imperil an entire organization.
Many small to midsize companies are too busy running their businesses to fine-tune their security configurations, install the latest updates, or consider if they have enough security protections for their operations.
A study by Guardian Analytics and the Ponemon Institute showed that 20 percent of the companies surveyed now conduct all of their banking transactions online, potentially exposing themselves to cyberfraud.
“The convenience of working online makes doing business easier, but the cyberenvironment presents a whole new world of risks,” says Nicole Rackov, a cyberfraud investigator with Comerica Bank Fraud Services. “If a cybercriminal breaks into your company’s computer system, they can compromise online bank accounts, financial records, and intellectual property.”
Criminals target companies with sophisticated “social engineering” techniques like phishing — masquerading as a trusted source, e.g., what appears to be an email from a friend — to trick victims into divulging information. A recent twist on this scam targets unsuspecting business owners who aren’t aware their company email accounts have been hacked. A cybercriminal poses as a legitimate vendor and sends the business an email or invoice requesting that payment be mailed to a different address than is on file. The email includes language that creates a sense of urgency, not giving the business time to contact the vendor and verify the changes. Unfortunately, the payment ends up in the hands of a cybercriminal.
A similar scam called “vishing” uses voicemail purportedly from a financial institution to instruct the victim to enter private information to “reactivate” a “disabled” account. “Spear phishing” has the same intent, but targets victims with what appears to be a familiar connection — say, a “follow-up call” from somebody claiming to be a trade show exhibitor offering a free trial of the latest business software.
“Your employee probably wouldn’t think twice about accepting such an offer, especially if they had just attended that show,” Rackov says. “But when they download the ‘free trial,’ they may have just exposed the company’s network to criminal activity.
“By enticing an unsuspecting employee to click on an infected email attachment, accept a fake friend request, or visit a compromised website, the cybercriminal can install malware on the company-owned computer and effectively receive the keys to the kingdom. Once installed, the malware can track the keystrokes used to enter passwords or even see the pages an employee visits as he or she browses the company network.”
Limiting the Risk
Rackov recommends that companies minimize the number and restrict the function of computers that are used for the organization’s online banking.
“Consider using a stand-alone computer that is not connected to the company network,” she says. “For automated clearinghouse and wire transfer payments, use a ‘dual control’ process where one person authorizes the creation of the payment file and another authorizes its release from a separate computer.”
Rackov stresses that employees should not be permitted to access their personal social media accounts from company-owned computers.
“There are too many opportunities to click on bad sites or ads and unknowingly install malicious software and spyware,” she says. “If your business uses social media, manage it from a dedicated computer.”
Companies’ adoption of BYOD (Bring Your Own Device), which reduces capital investment by letting employees use their own laptop or tablet for work, requires particular attention.
“My first recommendation is that employees should treat all public Wi-Fi networks, such as those in cafes or airports, as a security risk,” Rackov says. “Also, make sure employees have access to a virtual private network (VPN) that requires an additional layer of authentication.”
Rackov says the best ways to protect against cybercrime are the simplest: Never share user IDs or passwords, install a firewall and malware detection software, and never open suspicious emails or links. The cost of having a knowledgeable IT person on staff or on call to install and maintain security systems is well worth it compared to the potential cost of a security breach.
“Security is like profit — it’s not an option,” Rackov says. “And nothing is more important than the security of your data, which is the lifeblood of your business. How you handle and protect that data is central to the security of your business and the privacy that customers, employees, and partners expect.”
For more information, contact Comerica Bank Fraud Services:
Teresa Thornton, Senior Vice President, 248-371-6822 or firstname.lastname@example.org
Nicole Rackov, Vice President, 248-371-6127 or email@example.com
Comerica Bank. Member FDIC. Equal Opportunity Lender.
Protect Your Property: Variety of Tools Available to Companies
Creativity and innovation are key ingredients in the recipe for the success of any middle-market business. But whether your company’s Next Big Thing is a product, service, or even a novel way of doing business, it must be protected.
Companies can use copyrights, patents, trademarks, and trade secrets to safeguard the hard-fought ingenuity and inspiration – the intellectual property – on which their enterprises are built.
A copyright protects works of authorship such as writings, music, motion pictures, works of art, and computer software. The concepts that underlie both copyrights and patents are rooted in the U.S. Constitution, which states “The Congress shall have Power … To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.” A copyright generally lasts for the life of the author plus 70 years.
“Under current law, whenever someone creates one of those types of works and finalizes it in a tangible form, it’s copyrighted immediately,” says John A. Rothchild, associate professor at the Wayne State University Law School. “The copyright prevents others from copying the work, performing it, displaying it, or making a new work based on that work without permission.” For added protection in case a copyright has to be enforced, Rothchild recommends adding the “©” symbol or the word “copyright,” the year created, and the owner’s name to the work and registering it with the U.S. Copyright Office.
“These steps will help you establish ownership and get damages for infringement if it ever comes to a lawsuit,” he says.
Patent Protects Rights
A patent grants property rights to an invention (a process, machine, manufactured item, or composition of matter) for 20 years from the application’s filing date and is granted by the U.S. Patent and Trademark Office (USPTO) in exchange for public disclosure of that invention. “You must submit a patent application to the patent office and prove that your invention qualifies by being novel, non-obvious, and useful,” Rothchild says.
As technology evolves, patent laws are tested. The U.S. Supreme Court decided in 2013 that products of nature like human genes couldn’t be patented. Amazon’s patent of its “1-Click” e-commerce ordering system has spurred debate over to what extent “business methods” are patentable. In a move that favors those who can process paperwork in a timely manner, the America Invents Act of 2013 changed the U.S. patent application process from “first to invent” to “first to file.”
Acquiring Trademark Rights
A trademark is defined by the USPTO as “…a word, phrase, symbol or design, or a combination thereof that identifies or distinguishes the source of the goods of one party from those of others.” Trademarks include brand names that identify goods (Coca-Cola) and “trade dress” that consists of the graphics, color, or shape of packaging (the Coca-Cola bottle).
“You needn’t register a trademark to have protectable exclusive rights in it,” says William M. Borchard of the Cowan, Liebowitz & Latman law firm in New York. “Simply by using a mark on or in connection with goods, or by displaying the mark in the sale or advertising of services, you can automatically acquire trademark rights in the geographic area of use.”
However, registering a trademark gives evidence of the registrant’s exclusive ownership rights and provides greater defense against counterfeit products and illegal importers. The “TM” symbol can be used at any time to claim ownership, but the “®” symbol may be used only after the USPTO has registered the mark. Unlike a copyright, a trademark can last indefinitely as long as it continues to be used in connection with the product or service.
Federal and state laws protect rights to trade secrets (think KFC’s 11 herbs and spices), but the burden remains on companies to keep a lid on proprietary information.
“Trade secret protection is a narrowly applied but extremely important strategy for certain types of businesses,” Rothchild says. “If a secret gets out, you lose, but if you manage to keep it secret, you have the rights to keep it potentially indefinitely. Companies must determine what sort of intellectual property is most important for their business, then assign the appropriate resources to protect it. As with any business decision, you must know the risks and have a strategy to mitigate them.”
Comerica Bank. Member FDIC. Equal Opportunity Lender.
Building an Industry
Pounding the Pavement: Old-Fashioned Legwork is the Way to Gain Expertise
Old-fashioned legwork is the way to gain expertise
Whether a company is expanding business or has identified an opportunity to diversify into a new market, it must give serious thought to how it can secure the specialized expertise required to succeed in the new venture.
Acquiring the knowledge isn’t necessarily rocket science. Much can be gained by simply pounding the pavement.
“Before you even think of putting a business plan together, you must conduct the due diligence to understand if it is a legitimate opportunity for your company,” says Steve Swiftney, Comerica senior vice president, who has expanded the bank’s presence in the wholesale beverage business an average of 16 percent per year over the past five years. “You must study the industry and try to determine what the need is and how your organization can address that need. That’s the difficult part. If it were easy, everyone would have a solution for it.”
Trade groups, conferences, and publications are valuable sources of industry intelligence. Building one-on-one relationships with industry insiders like analysts, investment bankers, private equity firms, attorneys, accountants, and CPAs can help make sense of industry jargon and illuminate hot topics. Swiftney says he chose to pursue the beverage wholesaling industry after discovering that the segment was significantly “under-banked.”
Studying the Nuances
“There were many wholesalers looking for financing to either expand their brand portfolios or their territory, yet very few banks that were willing to lend to the sector because they didn't understand it and they didn’t know how to protect themselves from a collateral standpoint,” he says. “I spent many hours learning the nuances of the industry.”
By immersing himself in the beverage world, Swiftney was able to understand that a wholesaler’s value is based on its brand portfolio, market share, customer demographics, and spending habits in their respective sales territory, all of which translates into a “blue sky” method of valuation that needs to be understood by a wholesale beverage lender. He also learned how franchise laws differ around the country. For example, while some states require a beverage company to pay a wholesaler if it is dropped, wholesalers in other states can be stripped of distribution rights without compensation. “These are important nuances to understand because they essentially dictate the value of the business,” Swiftney says.
Understanding the Business
Joe Ursuy, Comerica senior vice president and manager of the bank’s Environmental Services Department, took a similar path to learn about the waste management industry.
“I asked everyone about current hot issues,” Ursuy says. “Once I started to triangulate all the data points, I began to understand the business, including how modern landfills treat methane gas and how the waste compacting process is engineered to preserve the life of the landfill. Learning about how a landfill is built and operated was not only interesting, but crucial to understanding the business.”
The portfolio of companies Ursuy received as an entry-level lender in 1999 contained three waste management companies with $75 million in loan commitments. Today, he manages a portfolio of 80 such firms with $1.6 billion in loan commitments.
According to David Shields, executive vice president and chief academic officer at Walsh College in Troy, Mich., companies should keep three themes in mind when building industry expertise in their organizations: culture, champion, and collaboration.
“It’s important that new ideas be greeted with some level of enthusiasm in the organization. The company culture should encourage employees to identify better ways of doing things and be rewarded for these ideas,” Shields says. “While current practices should be honored, they should not be protected from new, better approaches. Messengers should not be shot.”
Midlevel or lower-level employees who are often more attuned to newer technologies can bring great ideas into the organization. However, those new ideas might cause apprehension for more seasoned employees.
“It is critical that good ideas be championed by an upper-level manager with the internal status that allows him or her to protect the incubation of the idea and extend the developed idea to fruition,” Shields says. “Employees should be rewarded not only for good ideas, but for their contributions to the development and implementation of these ideas. Collaborative cross-disciplinary teams are often essential in extending external expertise into the company.”
For more information, refer to these online resources:
• Mashable: mashable.com/2009/10/27/industry-expert-how-to/
• Harvard Business Review: hbr.org/2013/04/make-yourself-an-expert/ar/1
• Intuit: blog.intuit.com/marketing/how-to-become-an-industry-expert/
Comerica Bank. Member FDIC. Equal Opportunity Lender.