Cyber and Crime
Cyber crime risk isn't what you think
The media would have you think that financial crime is committed by hoodie-wearing, Guy-Fawkes-mask-sporting hackers in shadowy rooms surrounded by multiple computer terminals, feverishly tapping away at their keyboards to intercept your e-mail and read your every secret.
That might make good television drama, but it's not really the risk you should be most concerned with. It does happen of course, but I suspect that the media latches onto this trope because it makes the viewer feel powerless and unable to prevent the prototypical Russian wunderkind (in hoodie and mask, natch) from stealing his bank credentials.
What are more realistic risks?
- Social engineering.
- Trusting e-mail information without verification.
- Not verifying changes or additions to supplier or customer records.
- Having a single person handle financial transactions from start to end.
Notice how these are all human risks?
Mitigations and safeguards
- Don't trust any changes to bank or payment information without verifying on the phone or in person with a known representative.
- Don't call the phone number on the e-mail itself to verify. Use the phone number you already had in your records.
- Have a minimum of two staff members be required to approve new suppliers.
- Don't let any one person raise purchase orders, approve purchase orders, and issue payment.
You can trust, but verify first
Every single one of my clients over the decades who've suffered embezzlement or financial crime by a (formerly) trusted staff member would have sworn black-and-blue that the crime was impossible and could not happen. But don't forget that things go wrong in people's lives - all it takes is a drug or gambling addiction, and your 20+ year lifelong staff member can rob you blind. Trust your staff, but please verify.
Insurance is helpful if things have gone wrong, but it's better to prevent disasters before they happen. With decades of experience in no-nonsense risk management advice, I can help guide you through the risk management process and help make simple changes in your business or activities to protect your staff, volunteers, clients, and your bottom line. I'm here to help make your life easy.