March 29, 2019

A Costly Lesson

Facebook and Google just got duped out of $100 million by fraudsters – at least temporarily. The crook, pretending to be a vendor, sent invoices to unsuspecting employees, who wired the money, according to Fortune. The perpetrator then moved the cash to various foreign bank accounts.

Fortunately, both companies detected the fraud. Facebook told Fortune it recovered most of the funds, and Google recouped all of its money.

If the biggest tech companies in the world can get scammed like this, then let’s face it: we’re all vulnerable. Cyberthieves keep getting better and better, and even the smartest professionals can get conned if they let their guard down. Attempts to defraud us at Marcum and me personally happen regularly with bogus emails, purportedly from me to our accounting department and my assistant, all asking for money to be wired. We’ve been lucky (and smart) with protocols in place to ensure detection of these attempted frauds.

For our clients, Marcum has found that the best line of defense is helping them train their employees to spot signs of cybercrime and comply with company protocols when it comes to sensitive information or disbursing funds. Our cyber team is one of the fastest-growing parts of our Advisory Services practice.

It’s not just your tech team and the people in your accounts payable department who need to stay up to speed. Everyone in every company is a potential target for nefarious cyberactivity. Even a summer intern with very limited access to information can accidentally leak a piece of data that crooks can use to put your company or your funds in jeopardy. Or, more commonly, the CEO can be the weak link in the security chain, since a company’s substantial investment in cybersecurity can create a false sense of confidence among those who approve the budgets that their system is beyond breaching. Plus, CEOs are typically publicly visible and easy for cybercriminals to track. Many perpetrators of cyberfraud are involved in organized crime rings. Unfortunately, they are very good at phishing for data until they get what they want.

Fortunately, cybersecurity experts, including ours, are getting better by the day at finding ways to outsmart crooks, or at least catch them in the act. If you’re worried that your firm may be vulnerable, I’d be happy to connect you with someone from our Cybersecurity Technology Risk Management Services group. They help many of our clients fight the ongoing battle against hacking, cybercrime, corporate espionage and malicious destruction – and comply with regulations that companies must follow on this front.

Robotic process automation is another area where companies need to be vigilant about cybersecurity. Regular readers of this column know that I’m a big believer in the time savings and efficiency RPA brings to the companies that use it. But as with any new technology deployed to improve systems’ functionality and efficiency, it is important to step up cybersecurity monitoring and protocols to prevent any potential vulnerabilities.

Sometimes, when I read about frauds like this latest one affecting Facebook and Google, I am wistful for the days when all of our records were stored on paper in metal file cabinets, under lock and key – or at least we could assume that all of the invoices in our email inbox were legit.

But there’s no sense pining for the past. We all have to change with the times. The information age has brought tremendous benefits for all of us, but also risks. By making sure you do what it takes to keep your company secure, you’ll be able to keep your focus where it should be – on growing your business.