COVID-19Cyber riskTechnology

Locking Up: Preventing Cyberfraud Attacks by Identifying Weaknesses

By January 12, 2021No Comments

NeuGroup members share successes and failures keeping their companies secure amid the shift to an all-digital workforce.

The all-digital work from home environment has left treasury teams more connected to their devices than ever, but also left them—and their companies—more vulnerable to fraud. But by identifying weaknesses early, teams can resolve issues before fraudsters even have a chance to strike.

  • Members at a recent meeting of NeuGroup’s Treasurers’ Group of Thirty discussed their approaches to prevent the threat, one that continues to worsen.
  • Fatigue caused by working from home led to a communication breakdown for one member’s company, but others reported success through their preparation.

Success stories. Many NeuGroup members reported recent close calls with cyber breaches and have implemented processes to prevent future issues.

  • One member nearly fell prey to a fraud scheme when a phishing email included highly detailed information about the company, which could have fooled an employee into providing secure information.
    • This happened because one employee innocuously posted an update on LinkedIn about the company’s goings-on, and the scammers are growing more and more advanced.
    • The member suggests encouraging employees to only share what is necessary on social media to keep malicious third parties in the dark.
  • Another member had an issue with hackers accessing the company’s internal instant messaging system, allowing them to imitate employees with “no way to verify it was them.”
    • Some members use a series of steps to authenticate accounts before accessing sensitive information, including callbacks from verified phone numbers.

“A breakdown in communication.” One NeuGroup member had this type of system in place, but a series of internal mistakes led to a loss of nearly $10,000; thankfully, the member said they were able to recover the stolen cash.

  • When a new employee was hired at the member’s company, fraudsters hacked the digital account of an actual vendor that the company uses and corresponded with the new employee from a seemingly authentic  email address.
  • Though the member’s company does use a callback authentication process, he said there were application errors “on multiple levels” and plans more frequent audits and training to identify and prevent these weaknesses in the future.
    • “Fatigue is a real issue,” another member said, recommending smaller, “bite-size” trainings for employees to prevent burnout and ensure employees apply the knowledge they learn.
Justin Jones

Author Justin Jones

More posts by Justin Jones