cfotechoutlook

The Quintessential Technology Source for Corporate Financial Professionals

DECEMBER 2021

apart from internal messages. As an added layer of safety, we identify harmful attachments before they reach the user's inbox. We make a practice of reviewing all licensing and maintenance agreements for email client and server software to ensure we take advantage of all protections offered.

Banking security

At Austin, we recognize there are times when the old tried-and-true methods work best. For banking security, verbal verification is an effective method to ensure banking inquiries and changes are legitimate. Take direct deposit as an example. We recommend establishing a company policy to contact employees by phone to confirm changes to direct deposit. If an organization allows electronic submission for payroll or direct deposit information, safeguards must be in place to ensure the requests are not fraudulent.

Personally, I have seen too many occasions when an organization becomes complacent on security practices or prioritizes speed over safety. Skipping a simple verification can cost the company when money is sent in error electronically. Doing so will likely cause a brief hardship for the employee when it is entirely avoidable.

A similar verification process should be implemented for any changes to banking information for vendors. Flags or protections against modifications to vendor banking information should remain active at all times. These protections should be removed only when making approved changes. After approved changes are made, it's important to restore the flags or protection to ensure continued account safety. In addition, verification procedures should be in place for any changes requested to a vendor's contact or banking information.

We recommend always contacting the finance department of the organization making the request, a reliable last line of defense against potential security breaches. In fact, several SaaS (software as a service) providers put the liability of account information on the payee. Due to this, and because of the risk of electronic payment fraud, many companies have reverted to manual issuing of large checks if not being paid through a secure third-party SaaS, a practice we recommend.

Going a step further, at Austin we've implemented an added layer of security for our banking information that we learned from an industry peer. We stipulate contractually that any change to Austin's banking information necessitates a change to our contract or, at a minimum, a formal change order. This protects us from imposters providing new banking information to customers who might unwittingly make payments to the fraudsters. This innovation requires all changes to be formally documented and establishes a clear process for managing our banking process.

Of course, these are just two examples of the cybersecurity threats that challenge Austin Industries and our peers in the construction industry. For all threats large and small, we believe in establishing robust security processes and creating consistent training and communication strategies to support them. While we may sacrifice some of the speed that today's electronic and cloud-based solutions offer, the added security provided is well worth the added effort.

Joe McLaughlin