Away on Business or Vacation? Tips to Keep Fraud from Happening Back at Work

Summer is here, and so are vacations, long weekends, and out-of-office replies. But before you check out, it’s time for a quick check-in on something that often gets overlooked: cybersecurity.

In this timely episode, Debra Richardson and Grace Chlosta revisit practical, often-forgotten cybersecurity tips that AP and AR professionals really need to know, especially when stepping away from the office. Whether you're planning your next trip or just came back from the IOFM Spring Conference, this episode is your go-to guide for staying safe on the move.

Perfect for professionals headed on vacation, traveling for conferences, or just looking to up their cyber hygiene game.

Whether you’re poolside or in a hotel lobby, this episode will help you protect your data and your team, no matter where work takes you.

Click here to access the Vacation and Travel Security Tips Handout

Click here to access the Cybersecurity Tips for International Travelers Handout

Click here to access the Cybersecurity When Traveling Tips Handout

Debra Richardson

Debra is an Accounts Payable speaker, consultant, and trainer with over 20 years of experience in AP, AR, general ledger, and financial reporting for Fortune 500 companies including Verizon, General Motors, and Aramark.

For over a decade, Debra has focused on Global Vendor Maintenance, and implemented a vendor self-registration portal for 140k+ global vendors across seven ERPs. In her consultancy, she focuses on authentication techniques, internal controls and best practices to prevent fraud in the vendor master file.  She is the President of the Central Atlantic Region IOFM Chapter and the IOFM Ask the Expert for the Vendor Master File Category.

A Certified Fraud Examiner (CFE), Debra works with vendor management teams to clean their vendor data and update their vendor processes so they pay the right vendor.

She has a YouTube channel where she posts vendor master file tips every Tuesday and hosts a weekly podcast: “Putting the AP in hAPpy”.

Grace Chlosta
Senior Content Manager, IOFM

Grace is the Senior Content Manager at the Institute of Finance & Management (IOFM), where she has led content strategy and development since 2022. In this role, she oversees all aspects of IOFM’s digital and event-based content, ensuring it remains timely, relevant, and actionable for all financial operations professionals.

Grace manages IOFM’s robust library of site content, leads the organization’s editorial and member webinar programming, and hosts IOFM’s podcast series. She also oversees a team of subject matter experts who contribute thought leadership and educational articles. In additional, Grace curates and manages all speaker content for IOFM’s in-person and virtual events, ensuring consistency and quality across every touchpoint. With nearly three years in the role, Grace brings a deep understanding of the financial operations landscape and a passion for delivering content that empowers professionals to excel in their roles.

Transcription

Grace Chlosta: Welcome to the IOFM podcast. This is a podcast for accounts payable and accounts receivable professionals who want to stay in the know with current AP and AR trends and ideas. We'll be interviewing professionals in this space on a wide variety of subjects, including automation, artificial intelligence, career growth, compliance, leadership, and much more.

Hey, Debra. How's it going? 

Debra Richardson: Hi, Grace. It is going just fine. Still kind of catching back up from the IOFM Spring Conference, but, yeah, it's going great.

Grace Chlosta: I know. We're recording this just a few days, it feels like, after all just left. It was so busy. It was so good to see you in person. Hopefully, you guys have all listened to our episode that we did on site, which was super fun. We were just catching up about that. How was the conference? Are you feeling excited to be back?

00:01:03

I've heard from a lot of speakers and attendees that it almost reignites them to do their job a little better and to think more about AP, AR. So how are you feeling post-conference? 

Debra Richardson: So I'm feeling great. I got over the fact that, in a couple of sessions, I was like, "Have you guys heard of me?" And like one or two people raised their hands. But --

Grace Chlosta: Not okay. [chuckles]

Debra Richardson: No, no, but the thing is, is we had a lot of first-time folks there. That was the first time that they were hearing about the things that I talk about, and that, in itself, re-energized the whole room. It was good.

Grace Chlosta: Absolutely, that's awesome. That's so good to hear. We always have so many first-time attendees, which is awesome. Keep on coming back, but it's great to have new folks and have them learning about all of the great stuff that we're presenting on.

00:01:52

So we're going to talk today about a really interesting topic. We're going into Memorial Day Weekend coming this upcoming weekend, a very busy time for a lot of folks. The title of today's podcast is "Tips to Keep Fraud from Happening While You're Away on Business or Vacation Throughout the Summer Months." Tell me how it's good timing. Why is this important right now, and what are we going to be covering today? 

Debra Richardson: So we're recording this in May and it's right before a busy vacation time, because everyone usually takes vacations in the summer. They're taking off times of the year, but families with kids, the kids are out of school, and so there's a lot of summer travel. Not to mention that also there's always business trips all year-round, including the conference we just go back [from], and we've got a fall one coming up. So it's a great time to start talking about how to protect your team members so they're back at work, protect them from fraud happening to them because -- or from them being targeted for fraud because you're out of the office. So it's a great time to talk about it.

00:03:13

Grace Chlosta: Yeah, absolutely. So walk us through it. If you're away at work and you see emails coming through -- or what are the top tips that you could give while you're away to prepare yourself for fraud that may occur while you're gone?

Debra Richardson: Yeah, so I do have three PDFs that are tips for traveling that come from three different organizations, and I'm going to go -- we can actually -- I'll go through each of those, and we can actually use as an example what we did last week --

Grace Chlosta: Absolutely, perfect.

Debra Richardson: -- to see if we have heeded any of this advice.

00:03:51

But before we get to that, there is one tip that I always give that I don't believe are on any of the three tip sheets I'm going to talk about, but it is very important. This is, if you have direct reports and you're out of the office, maybe you're scrolling on your phone and you see an email about a vendor request, and it only came to you. So you don't want to just forward it to your team because you're trying to be helpful, to make sure that the request gets processed. 

However, if you just forward it to the team, they may assume that you reviewed it and it's okay to process, just because you sent it. Grace, you know, [when] you're looking at a tiny phone screen, it is hard to spot even some of the most obvious red flags because that screen is too small. 

00:04:58

So even if you do check, it still hard to catch those red flags, and so you don't want to just send it to your team to process. You want to make sure that you let them know that you haven't reviewed it and please review it. Don't just send it 'cause they might just process it. So that's my two cents. 

Grace Chlosta: That's such a great tip. I can imagine. Some folks have laptops when we're on site, but a lot of folks, including myself, mostly just run around with our phones in our hands, checking things that might come through that are really important, and you might think you're doing the right thing by sending that off, but that's a really, really great tip, and I feel like a really great spot for fraud to slip in.

00:05:43

Debra Richardson: Right. And so, with that then, let's talk about the three resources that I'm pulling from. The first one comes from the National Cybersecurity Alliance. They've got some vacation and travel security tips. You guys may or may not have heard of them. They are affiliated with staysafeonline.org. It's the same organization that gave us "AI Fools: Stay Sharp Week" and cybersecurity awareness month in October. They've been doing that for like 20-some years.

It's also the same organization that spoke to the chapter that I'm a leadership member of: the Central Atlantic Region IOFM Chapter. They actually came on twice. Once they talked about employee cybersecurity behavior, and that was very interesting. We actually had a lot of folks join that. And then they also hosted a game about cybersecurity. 

Grace Chlosta: Oh, fun.

00:06:52

Debra Richardson: Yeah, and that was a lot of fun. We didn't have a prize, but it was like, hey, you've got bragging rights. You'd have thought I won that. I played, but I didn't win, dang it. [laughter]

Grace Chlosta: That's hard to believe.

Debra Richardson: Okay, everyone, don't stop listening, but, yeah, I didn't win that. [laughter]

Grace Chlosta: You should've lied there.

Debra Richardson: Okay, so I have one from them, and then I also have one from the Cybersecurity and Infrastructure Security Agency, and it's all about cybersecurity when traveling, [a] tipsheet. This is something that -- an organization that our CSO or information security team probably belongs to. And then the last one -- we've all heard of the Federal Communications Commission, so some cybersecurity tips for international travelers.

00:07:46

Believe it or not, it's probably not surprising, but there are some additional security tips when you're traveling abroad that you may need to put into place. And so I've got all three of those, so let's go ahead and jump in. 

Grace Chlosta: Yeah, sounds great.

Debra Richardson: The first one coming from the National Cybersecurity Alliance, these are the vacation and travel security tips. This one says, even if you leave your desktop computer at home, you probably stay connected when you're vacationing. Checking on our phone -- we just talked about that -- on the beach or on a mountaintop, and so let's talk about what they say to do.

The first thing is they tell you to travel lightly, so limit the number of devices you take with you on your tip, because the more laptops, tablets, smartphones you take with you, the more risk you open yourself up to. Okay, that makes sense. 

00:08:56

Grace Chlosta: It does.

Debra Richardson: And then check the privacy and security settings on web services and apps, so set limits on how and with whom you share information. That's always good, I feel like.

Grace Chlosta: Oh, yeah. I agree.

Debra Richardson: Yeah, you might want to -- if you're on vacation, though, you might want to change some things, like location tracking, so that's good. Set up the Find My Phone feature. I need that anyway. I can't find my phone at home, in the car.

Grace Chlosta: I just noticed mine is not even -- I need to be taking all of these tips, because so far I'm like sitting here, oh, no. I need to set up that gap for personal use, and I think that's a great tip for vacationing, as well.

00:09:36

Debra Richardson: And I never thought about it. So, yes, it will give you the ability to locate your phone if you lose it, but it also gives you the power to remotely wipe it, like remotely wipe data, or disable the device.

Grace Chlosta: Oh, that'd be great.

Debra Richardson: Yeah, so that's good. And then it gives like password protect your devices, so we know that's a thing. Update your software. That should always be done. Back up your files. Wow. So this can be -- if you've got your phone, and just talking about a personal level, when we're talking about vacations and all those photos. [laughter] I have thousands of photos.

Grace Chlosta: Me too. And one of my best friends uses just Google Photos. Every photo that she takes just -- she has -- I don't know how this is set up. I'm terrible with this sort of thing, but it goes automatically into her Drive. All of mine is just one my phone. If I were to lose my phone, I'm very, very bad with file backup. People get mad at me in my life. They're like, "How are you surviving like this?" And I don't know. I'm living on the edge.

00:10:52

Debra Richardson: Okay, so this one's for you, Grace, so back up your files -- and anyone else --

Grace Chlosta: I need it.

Debra Richardson: -- that hasn't done it. So here are some best practices while you're on the go. So that was like before you go, so now you are on the go, actively manage your location services, because you want to make sure you're not exposing your location, even through photos. That's a good one.

Grace Chlosta: Ooh, that's interesting.

Debra Richardson: Yeah, so just turn it off when you're not using it. And then I feel like we all know about using secure Wi-Fi, but maybe not. Don't transmit personal information or make purchases when you're on vacation.

Grace Chlosta: I was actually traveling back from IOFM Spring, in the airport, at a restaurant, trying to connect to their Wi-Fi and it wouldn't let me go onto my personal email from the airport Wi-Fi for some reason. So I feel like some companies have it pretty locked down as far as what you're able to join. So secure Wi-Fi is a big one.

00:11:58

Debra Richardson: Yeah. And I'm actually glad to hear that you said that because it could be that the Wi-Fi that you thought was the restaurant's, or you thought was the airport's, actually was not, right? Because how do we know what every airport and restaurant's name of their Wi-Fi -- the legitimate Wi-Fi should be? So that's great.

And then -- oh, this is a good one, and I've said this before, too. I don't know where I saw it at first, but always think before you post. So think twice before posting pictures that let everybody know you're away. Wait until you get back to share your magical memories. And I know I did that, Grace. When I was there, I met folks that I have seen before, folks I haven't seen before. Everybody wants some pictures. And that's all great, but I didn't post any of that until I got back. 

00:12:53

Grace Chlosta: That's the safest way to do it. It's just a few days, and it's well worth it.

Debra Richardson: Yeah, because we know those fraudsters are trolling us on Facebook, LinkedIn. You post that you're away -- and that's how they got the shark lady -- Shark Tank lady, Barbara Corcoran, yeah. So don't post it until you get back. Also, protect your physical devices. Lock the -- oh, lock them in a safe, if possible. You know, I never do that with my laptop.

Grace Chlosta: I don't either. I was just on a vacation in March, had my laptop. I didn't probably take it out once. It was just there just in case I needed to answer anything for work [that was] important. But, yeah, it was just in my room the whole time. That's a really good tip.

Debra Richardson: Wow. It also says, don't leave 'em unattended or hand 'em over to strangers. Like if you're at a restaurant, don't have somebody watch it. I feel like most people shouldn't do that anyway, hopefully not. But that can be scary.

00:13:59

Oh, this next one -- so I think it's a couple more -- stop auto connecting. Disabled remote connectivity and Bluetooth, because some devices will automatically sync and connected to available wireless networks. Mine does that and I have to turn that off. 

Grace Chlosta: I haven't noticed that, but I feel like my Bluetooth is always a little funky anyway, so most of the time mine is off unless I need it to be on for Airdropping photos or connecting to my car, or something like that. But otherwise, I usually keep it off.

Debra Richardson: All right, and then the last one they have is, if you share computers, don't share information. So avoid public computers in hotel lobbies and internet cafes, especially for making online purchases or accounts.

00:14:49

If I remember correctly, during the walk -- so at the conference, there was a hallway that you walked to get to all the conference rooms, and on the way was a business center. Most hotels will have that. I did. I looked. There were a couple of computers there. Yeah, I didn't use either one of those. But, if you have to, just make sure you're not going to accounts that you're going to be making purchases, accessing your bank accounts, none of that. That's good advice. 

Grace Chlosta: Absolutely. Those are really, really great tips, things I wasn't even thinking about, and tips I feel like we could all apply for upcoming vacations, personally or work trips.

Debra Richardson: All right, so that's the end of the one from the National Cybersecurity Alliance, so let's now look at the one from -- which one is this one range of motion? This is from Cybersecurity and Infrastructure Security Agency. What they tell you, what an information security team member at your company may tell you to do, when you're traveling.

00:16:02

All right, so this one looks like it's some of -- a couple of new ones, but might be some things we already went over. So if you connect it, protect it. Oh, I like that saying. 

Grace Chlosta: Yeah, me too.

Debra Richardson: If you connect it, protect it.

Grace Chlosta: That's perfect.

Debra Richardson: Whether it's your computer, smartphone, game device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating system. Sign up for automatic updates. Companies probably already have you covered on that, but it's still a good saying to keep in mind.

Grace Chlosta: Absolutely.

00:16:45

Debra Richardson: This one also says to back up your information. But a new one is to enable multifactor authentication or MFA to ensure that the only person who has access to your account is you. That's something that -- I don't know if that advice is changing in the future, but it's better than just allowing someone that maybe got a hold of your username and passwords, maybe on the dark web, if that happened, that MFA would stop it. I feel like that --

Grace Chlosta: That's great. And I feel like companies, in general, hopefully, are taking advantage of putting these things just on the computers already. I know our team is really, really locked down with MFA and those sorts of things. So it's good to hear and I feel like most people are realizing that that's the best way to stay protected.

00:17:42

Debra Richardson: All right, and then just two more. One is to know who to call for support. I feel like that's something that, if you don't know, it's an easy thing to get. If you're out and about and you have issues, or you think your system is compromised, who to call for IT support. And then also have a plan on the actions that you will take, so that's good advice.

Grace Chlosta: My IT team is in my phone, as well, just in case. They probably don't like that.

Debra Richardson: Yeah, but you know what? They will like it if your system got compromised.

Grace Chlosta: Right, absolutely. No, absolutely.

Debra Richardson: All right, and then the last one here -- so this is about social media, too, like don't tell 'em you're going to be away from home. I like what they call it: never click and tell. [chuckles]

Grace Chlosta: Oh, fun, yeah. Absolutely.

Debra Richardson: But they put another little twist to it, so they said to disable geotagging.

Grace Chlosta: Ooh, yep.

Debra Richardson: Geotagging. Never thought about that. Is that the same as location tracking?

Grace Chlosta: So, yeah, I would think it'd be similar. So if you were to post when you were away, on Instagram or something, and maybe you tagged the restaurant you were in front of -- I think just from a safety perspective, even if it's not fraud at home, I feel like that could be pretty unsafe, right? So if you do want to post, at least not sharing exactly where you are could be a good measure.

00:19:06

Debra Richardson: All right, so that was good, again from an information security/cybersecurity perspective. Let's look at the last one. Now, this one should have some separate or different tips because it is talking about international travel. Oh, I've got to remember if I did any of these when I went. I don't know.

Grace Chlosta: I know. I'm scared, too, now.

Debra Richardson: Okay, so they said -- they've got 'em divided between before you go, while traveling, and then when you get home. So let's check these out.

00:19:47

So, before you go, you need to back up your electronic files. We knew that. That was in another tip. Remove sensitive data, like remove it. 

Grace Chlosta: Oh, interesting, okay.

Debra Richardson: And then install strong passwords. So that -- hopefully, for what we still have that have passwords, you have strong passwords, which I think passwords that are 20 digits or 26 digits long or more take years to break, so that's always good.

Grace Chlosta: Oh, that's great to know.

Debra Richardson: And confirm your antivirus software is up to date. And they have, "If you take it, protect it." That's another little thing that they say, that's like the phrase they used with the CISA tips. If you take it, protect it.

Grace Chlosta: I think that's great.

00:20:53

Debra Richardson: And then, while traveling, you're supposed to be vigilant about your surroundings, where and how you use your devices, so that's good. But they tell you to keep your devices secure in public places, to that's good. Take care that no one is trying to steal your information by spying on your device while it's in use. So they say to use a privacy screen when you have like your laptop.

Grace Chlosta: Oh, yeah, I actually just had a friend install one of those for work trips.

Debra Richardson: Well, you know, we used to use that. I don't know how many listeners are in the same situation, but as managers, if you're with a big enough company, you're still at a cubicle with everyone else. You may have no problem with that, but you may be looking at some sensitive information, and so I know they bought us privacy screens for our monitors. It's great to use when you're traveling, too, so that's good.

00:21:53

Grace Chlosta: I think so.

Debra Richardson: I hadn't thought about that, actually.

Grace Chlosta: No, I think that's a great idea.

Debra Richardson: Yeah, you're working in an airport. You don't know who's walking behind you.

Grace Chlosta: Right. And you're just trying to get work done, even if you're at a restaurant, wherever you might be in the airport, yeah, it's scary to work, and a lot of our work includes that sensitive data, so I think that's a great tip.

Debra Richardson: And then also while traveling, they talk about be cautious while using public Wi-Fi. And then some other helpful tips. Don't use the same password or PIN numbers abroad that you use in the United States. So are you supposed to change all of them? It did say change all your passwords and PIN numbers, I guess. Wow. Yes, so it also has don't use public Wi-Fi to make online purchases, access bank accounts. We have that.

00:22:49

When logging into any public network, shut off your phone's autojoin function. And then, when using a public Wi-Fi network, adjust your phone settings to disconnect from the network, then log back on again. Oh! And what they say here is try purposely logging into public Wi-Fi using the wrong password. 

Grace Chlosta: Ooh, that's interesting.

Debra Richardson: Yes, because if you can get on anyway, that's a sign that the network is not secure.

Grace Chlosta: Right, that's a huge -- that's a really great tip. That's one I feel like all of us could try.

Debra Richardson: Yes, that is one. We can all try that one. And I had not -- I had heard that before for like when you -- if you think you've got a phishing email and you click on the link and it looks a little suspect. So put your wrong information in and see if it will still take it.

00:23:47

Grace Chlosta: That's really smart.

Debra Richardson: Yes, but I never thought of doing that on the road, using like public Wi-Fi, so that's really good.

Grace Chlosta: And I feel like a lot of these tips are just not things I would even think about, because sometimes you have that vacation brain where you're not thinking about steps that you should be taking. But these are all just easy things that we could do to protect ourselves.

Debra Richardson: All right, and then, lastly, when you get home, it says that electronics and devices used or obtained abroad can be compromised, so your mobile phone and other electronic devices may be vulnerable to malware if you've connected with local networks abroad. So make sure when you come back to update your security software, and then change your passwords to all your devices. Okay. You know what? That's not a bad step.

00:24:43

Grace Chlosta: It's not that hard. People think, "Oh, I have to change my password. There are so many passwords." But it's 10 minutes, or less, I feel.

Debra Richardson: Yes. I actually do like that. I will say that -- and it was a few years ago when I traveled internationally, so it was probably -- I'm going to use the excuse that it was before I heard about this (Laughter.).

Grace Chlosta: Me too.

Debra Richardson: I did not change all my passwords on my devices when I got home, but you know what? It can't hurt anything, and it will definitely protect your devices if you unknowingly picked up some malware or your systems or devices were compromised and you don't know about it.

Grace Chlosta: Right, absolutely.

Debra Richardson: Yeah, so that's it with the tips. I feel like these are all great tips that everyone can do.

Grace Chlosta: Absolutely.

Debra Richardson: Yeah, as we plan to go on vacation this summer or business trips, on that to-do list, put down the tips that can help you as you are traveling with your devices. Put those on the to-do list and get those done, too.

Grace Chlosta: Absolutely. So we'll have all three of those resources linked in the landing page copy in the show notes. So if you want to take a look yourself and if you want to recap and write them down for yourself before you're traveling, check the descriptions because those are a great place to find all that info.

00:26:16

Debra Richardson: All right, well, that's great. I'm glad you're doing that so that everyone will have access to it. And, yeah, I learned a lot this time.

Grace Chlosta: I did, too. And even just thinking about it personally, I think that's all really quick and easy things. It would take, probably all of this, less than 20 minutes to make sure that you're safe going into summer travel, so thank you so much, Debra, for bringing that to all of our attentions.

Debra Richardson: No problem. And you know what? It's not too early to get the kids involved with their devices, either.

Grace Chlosta: I agree completely.

Debra Richardson: Okay, all right, great. All right, thanks, Grace. This was fun.

Grace Chlosta: Thank you, Debra. It was fun. We'll talk to you so soon.

Thank you so much for listening to the IOFM podcast. Remember to head on over to the Member Forum to discuss today's episode and provide ideas for our next one. And to stay up to date on IOFM's current events, both in-person and virtually, head on over to IOFM.com.

Continuing Education Credits available:

Receive 1 CEU per hour of listening time towards IOFM programs:

Receive 1 CEU per hour of listening time towards maintaining any AP and P2P related program through IOFM! These programs are designed to establish standards for the profession and recognize accounts payable and procure-to-pay professionals who, by possessing related work experience and passing a comprehensive exam, have met stringent requirements for mastering the financial operations body of knowledge.

Continuing Education Credits available:

Receive 1 CEU per hour of listening time towards IOFM programs:

Receive 1 CEU per hour of listening time towards maintaining any AP and P2P related program through IOFM! These programs are designed to establish standards for the profession and recognize accounts payable and procure-to-pay professionals who, by possessing related work experience and passing a comprehensive exam, have met stringent requirements for mastering the financial operations body of knowledge.