According to a recent article in the Financial Times, there is an epidemic of fraud going on that has affected more than 12,000 businesses around the world. The scheme involves a criminal group carefully crafting an email to appear as if it is coming from the CEO of a company. They then send this email to one of the senior executives of the firm and instruct him or her to wire money to an offshore account under the control of the criminals.
This scheme combines a dose of hacking with an ample serving of chutzpah. But thousands of businesses around the world have fallen for the scheme, in at least one case for as much as $90 million! For boards of directors, this is a scary trend and one that requires both tackling new challenges and getting back to basics. All companies, large and small, need to be on their guard against hacking. Cyber security is rapidly becoming a core issue for all companies. Many of the most devastating hacking attacks take forms much like this 'CEO scam', in which there is a small amount of technology (in this case the fraudulently crafted email) and a large dose of what hackers call 'social engineering', i.e. traditional con artistry.
The best defense against this sort of scam is threefold. First, ensure that board members and senior executives are up to date on the proper use of technology so that they can detect these sorts of scams. Even the most well-crafted fraudulent email of this type will have some telltale, but subtle, signs that it is malicious. Second, company technologists need to be on the lookout for these sorts of fraudulent emails in order to screen out as many as they can. Though no spam filter is perfect (and this sort of email is a particularly nasty kind of spam), filters can certainly help.
Third, and most importantly, it is critical for boards to have the right controls in place in order to safeguard company assets. If, as CEO, you sent an email to a member of your team asking them to wire $90M to an offshore account, would they do it without checking with you? Who else in the organization would need to authorize a transaction like that, if anyone? As a board member, are you comfortable that the organization's controls for approving the disbursal of funds are good enough so that a scam like this would be caught? Are you confident that the executive team knows what the controls are, or at least where to find the documents that describe them?
In many ways, the more things change, the more they stay the same. It has always been critically important that boards implement the right controls to balance the need for organizational agility with the need to maintain good stewardship of the organization's assets. At iBoardrooms, we can help you do that. With a simple repository of key corporate documents (such as a payment authorization policy) that executives and board members can easily access to ensure that the payments they are making are legitimate and approved by the right people in the company, iBoardrooms makes it easy for organizations to be both agile and secure. Try us free for thirty days to find out more.