The email seemed innocuous enough. It appears to come from a long-established vendor who merely sent an updated service invoice attached as a Word document. However, as if often the case, mere appearances can be deceiving. Clicking on this email would have actually provide an opening for into the computer and the wider company network with malicious software - malware - specifically designed to sniff out usernames and passwords.
This type of cyberattack can potentially wreak havoc far beyond the finance department, possibly accessing information all the way through the system and out into an employee or customer's (personal) computer network. In this case the Accounts Payable (AP) team was smart enough to smell the phishing attack and not open the document, instead checking with the vendor and discovering that their e-mail system had indeed been hacked. The breach was averted.
Unfortunately, this is but one example of many how accounts payable teams and their colleagues are exposed to technology-savvy hackers and cyber risks on an almost daily basis. Indeed, the rise in attacks targeting financial data has become a nightmare for businesses, CPAs, and even the government. With accounts payable fraud becoming more rampant, even more so now since many firms had to switch gears during the pandemic and rely on remote working arrangements, solutions for accounting and technology are more important than ever before.
So what is the importance of proactive accounting cybersecurity and how is artificial intelligence in accounting helping control the level of security and make a difference in keeping your firm and your clients safe?
The continuing rise in cybersecurity risk
When market researcher Ardent Partners surveyed the landscape for its annual report "The State of EPayables 2021", they discovered that almost four out of ten companies had been targeted by a cyber fraud attack in 2020:
“The pandemic’s main impact on physical mobility and fewer face-to-face interactions led to a decreased reliance on paper invoices and checks and wider usage of digital and electronic payments. The unfortunate downside is that fewer in-person meetings and negotiations may have opened the door for B2B payment fraud. Conducting more business outside of the office and operating as virtual teams translated into greater IT and data security risks.”
Partially thanks to effects from the 2019 pandemic as well as advances in technology, the threat continues to grow. A recent study by Keeper Security - "The 2022 Cybersecurity Census Report" - found that the average UK business now experiences 44 cyberattacks per year or more than three every month. In addition, it found that almost one in five businesses (17%) are subjected to over 500 attacks in a single year. To put that into perspective, that's roughly two cyberattacks every working day. The report also showed that 46% of IT leaders expect that both the total number of cyberattacks and the number of successful attacks will increase over the next 12 months.
The scary number? Only 26% of those organisations surveyed consider their business to be very prepared to face and defend against cyberattacks despite recognising and even having experienced harm from such attacks.
Network security won't bulletproof your AP process
The current and expected increase in threats, combined with the impact on the company as a whole and even the lack of preparation, is one reason why increasing cybersecurity and protecting financial functions has become a top priority for organisations both large and small. But what constitutes a secure accounting system or process? Certainly, getting there involves more than just battening down the hatches to prevent unauthorized network access and relying on closer scrutiny of permissions. After all, classic IT security is all about protecting data and defending the network against external and internal malfeasance.
Even investing in a stand-alone network security system or even hiring a cyber security specialist is not sufficient to ward off the risks and threats facing the finance function. That doesn't mean it isn't necessary; rather, you can think of it as an access control, a much-needed moat as the first and essential line of defense to protect your castle of IT infrastructure, whether it runs on premises or - as is increasingly the case - in the cloud.
However, a moat only gets you so far if the problems are located inside the organization. These can include such things as faulty processes, lax workflow rules, technically clean but error-ridden files, or even employees working with outsiders (intentionally or not). The smart way to protect your operations and cash position calls for an accounting management system that natively includes many accounting cyber security features.
Here’s how Ardent Partners summarizes the task at hand:
“Cyber-criminals have become more brazen (and more technologically advanced) since the pandemic began, resulting in billions of dollars of fraudulent payments and activity over the past sixteen months. Businesses must pump resources, time, and energy into how to not only prevent payment fraud, but also develop a program in which potential issues can be mitigated before they escalate into a full-blown fraud crisis. AP can play an important role in leading this conversation.”
-png.jpeg)
How AP automation will catch errors, mistakes, and fraud attempts
An automated end-to-end accounts payable workflow is an internal cybersecurity defense system against cyber criminals, creating a security checkpoint for both company and client information. It checks invoice information immediately upon arrival, easily ferreting out exceptions like conflicting bank account information or amounts, flag them as suspicious, and automatically route them to a designated human set of eyes for further review. No accidental disclosure of information, no typos, and best of all, no paperwork. It’s a state-of-the-art approach to maximize accounting cyber security as well as save time and money.
There are three key ingredients to a platform that’s secure, speedy, and scalable for adaption to your specific business needs:
Digitization
Digitalization is the process converting any type of document and information into a structured electronic (digital) format for further processing. It enables an organization to go paperless and no longer worry about misplacing or losing documents containing sensitive information that could land in the wrong hands. Dumpster divers, in other words, will come up empty-handed.
Big Data
Big data is a term that describes large volumes of data - both structured and unstructured - that arrives and grows in every-increasing rates. It's important because when either the historical or real-time data is analyzed it can provide valuable insights into customers, partners, and transactions that companies can use to refine strategic initiatives and become more response to wants and needs.
A model cloud-based platform will securely index and store large amounts of data - big data - extracted from invoices, purchase orders, and other documents. A modern automated AP platform such as Yooz is capable of doing this at high speed and in real-time. The result is improved visibility throughout the invoice processing and payment workflow, enabling all parties involved to keep track of an invoice or document within the workflow. This is a huge help when it comes to answering supplier inquiries, creating an audit trail, and maintaining legal compliance to government regulations.
Machine Learning (ML)
This subset of artificial intelligence uses all the data fed to the system to automatically learn and improve your business processes with little to no human intervention. Ideally, you’ll arrive at straight-through processing and see drastically fewer exceptions. Since a cloud-based ML platform has seen invoices in the millions submitted by tens of thousands of vendors, it acts as a security gateway and excels at detecting unusual patterns and can flag a transaction as potentially fraudulent.
The many benefits of smart accounting cybersecurity
Let’s quickly summarize the tangible ways how an investment in cutting-edge automation helps marry accounting and cybersecurity to securely improve process while saving time and money:
- Platform-deployed frequency analysis to compare outstanding amounts against usage history.
- Automatic recognition of duplicate invoices and/or payments, whether intentional or not
- Robotic process automation providing customized, agile, and airtight internal rules for invoice review, approval, and payment.
- Easy traceability of every action and task, identifying fraud attempts and keeping detailed logs on who accessed what documents.
- Automatic alert when vendor bank details change and identification of forged documents.
- Pairing with existing accounting or ERP system to ensure both security and operability.
Check, check, check: how a Purchase-to-Pay (P2P) platform boosts accounting cyber security
Being prepared is key to success and when a platform can help you achieve this, plus increased data security, plus save costs, plus increase speed, plus a rapid Return on Investment (ROI)? It provides a win-win situation for all parties involved with the exception of the criminal themselves.
From beginning to end, there are many steps along the entire purchase to payment workflow where intelligent AP automation will increase accounting cyber security without forcing a business to significantly change its processes. As mentioned above, data security starts right at the beginning with quick invoice capture and three-way matching of invoices to their corresponding purchase orders and notes of goods received. Any red flags or doubts get immediately sent to a human line of defense, routed to AP experts who now have enough free time to focus on the tasks where their experience matters most.
Intelligent AP automation also raises the bar for initiating payments. Even if an invoice has passed muster and is ready to be set up for payment, the system can perform one more round of additional security checks, considering metrics such as payment volume and velocity.
Keeper Security said it best: "This research demonstrates that cyberattacks present a profound threat. Preventative measures, in the form of investment, education, and cultural shifts, will be essential for businesses to drive resilience and protect their organisations from cybercriminals."
Investing in Accounts Payable Automation makes AI-powered risk management an almost invisible feature of your back-office operations. Isn't it time to get into a security mindset and invest, fortifying the network security moat with a strong second line of defense against errors and bad actors?
