Cybersecurity of organizations
Commercial fraud is a scourge that is difficult to prevent and detect. The ubiquity of information technologies, the constant accumulation of data and the fact that discussions are increasingly virtual have created vulnerabilities that have allowed malicious organizations to diversify their fraudulent practices or made them harder to prevent.
Cyber-risks essentially include all threats that exploit vulnerabilities inherent in technological environments or processes. The last ten years have witnessed the growth of organized cybercrime that has mounted attacks on several fronts: phishing, spear-phishing, network intrusions and social hacking, all aimed at hijacking and monetizing identities, personal information, corporate data or trade secrets, and perpetrating sophisticated frauds. Among the various scams that have emerged lately are the “CEO Scam” or “Business Email Compromise” involving fraudulent international transfers of funds.
As the old saying goes, “An ounce of prevention is worth a pound of cure.” An organization should therefore consider the following prevention strategies and review the following processes:
Heightening awareness among company employees
is essential in order to remind all staff members to be constantly vigilant and to use critical thinking in responding to any unusual request.
Implementing internal control processes
aimed at preventing fraud and including a provision for verifying that a request is legitimate, limited access to sensitive data, a framework for delegating authority in the case of money transfers, and the need for two signatures to approve any transfer over a certain amount.
The need to consult an in-house auditor or key individual such as in-house legal counsel
The need to consult an in-house auditor or key individual such as in-house legal counsel, to validate the legitimacy of specific types of requests. Because of the nature of their duties, those people are already in an ideal position in their role as confidentiality watchdog.
A review of internal processes
is fundamental, in terms of both financial governance and technology systems. An organization must endeavour to limit public disclosure of sensitive information, particularly on the Internet and social media, which have international reach.
Consulting with legal advisors
is crucial in order to properly structure mechanisms to be put in place for limiting risk exposure.
In spite of the rising tide of fraud and embezzlement, we can a victim company has legal remedies intended, as the case may be, to obtain compensation or to restrict the damage.