Why Cybersecurity Awareness Training Is Not Enough for the AP and Vendor Team

In today’s rapidly evolving digital landscape, cybersecurity awareness training is essential. However, for the Accounts Payable and Vendor teams it’s not sufficient for today's cybercriminals.

As an example, below are four common cybersecurity tips to avoid fraud and why they may not work with these teams.

4 Cybersecurity Training Tips That May Not Work for These Teams

1. Don't Click on Links/Attachments: One of the best examples is the advice to not click on attachments from senders that the receivers don't know or were not expecting. That's all these teams receive. Invoices and required vendor setup forms come as attachments on emails from vendors that the receivers don't have a relationship with. Many times AP nor the Vendor teams have advanced knowledge that those documents are arriving and if the documents are not processed then invoices don't get paid.
2. Examine Multiple Points On the Email to Determine if it's Fraudulent: The AP and Vendor teams receive a large volume of emails daily. These emails contain invoices to process, vendor supporting documentation to add or change vendors, or to ask questions about invoices or vendor setup. At the same time, turnaround time is expected to be efficient. No one can be expected to spot 100% of the fraud 100% of the time while processing a large volume of email requests.
3. Urgency is a Red Flag for Fraud: Internal team members can treat their vendor invoices are urgent, regardless of the due date - especially at year-end. As a result, urgency can be a frequent part of normal processing, making urgency related to fraud less of a red flag.
4. Make a Simple Phone Call: When vendors change their remittance information, the "silver bullet" control is to call and confirm the change. Vendors don't pick up, contacts are hard to find or reach, time zone issues for non-US vendors and more are just some of the issues with that "simple phone call". If the confirmation call was the silver bullet, payment fraud would be rare. Check out the September 2023 Newsletter about 3 confirmation calls here.

Customized Fraud Training is Needed

Fraudsters are targeting AP and the Vendor teams with evolving fraud tactics such as sending a request to change banking from the vendors actual email account (email takeover), using artificial intelligence to remove telltale signs of a fraudulent email like grammatical or context errors, and even deepfake images, audio and videos of leadership to appear legitimate.

More training is needed to not only identify these fraud attempts before the request is processed, but to also avoid making a fraudulent payment if the fraud is not identified. Being a "human firewall" is increasingly challenging. No one can be expected to spot 100% of fraud 100% of the time.

To avoid fraud, AP and vendor teams need comprehensive training and robust processes tailored to their specific risks. Today, there is a gap.

Bridging the Gap: From Cybersecurity Awareness Training to Customized Training to Prevent Payment Fraud – in 5 Steps

Don't miss this essential webinar (live or on-demand) to address this critical training gap and provide actionable strategies to fortify your accounts payable and vendor processes against cyber threats.

Immediate Takeaways:

? Common security threats unique to the account payable function

? Resources for free and paid training to prevent fraud

? Vendor setup and maintenance processes to avoid fraud

? 5 Steps to customized training to prevent fraud

Save Your Seat

Don't forget to subscribe to my monthly newsletter sharing content that will help you avoid fraud, compliance fines, and bad vendor data in the vendor process.

Want access to 163+ hours of vendor process training to avoid fraud, fines and bad vendor data? Start by creating a free account and get access to a resource library with vendor validation links, vendor process FAQs, and the ability to register for a 3 free training sessions. Register for your free account today.