CFO Studio Magazine - Curt Allen, CFO, Subaru
WWW.CFOSTUDIO.COM, 1st QUARTER 2015

Email Fraud
HOW TO PROTECT VALUABLE INFORMATION AND ASSETS

By Brian Hart, CFO, Berjé

We all know the advantages of transacting business through email—speed of response, a living record of our conversations, and the ability to quickly and easily span geographic barriers and time zones. But the risks are often overlooked, even by many experienced practitioners, and are rooted in a lack of solid controls over how we utilize email in conveying valuable business information, especially when dealing internationally.

The 2013 Norton Cybercrime Report estimates yearly global losses for all types of cybercrime at $113 billion. Cybercrime losses encompass much more than email fraud, but present a shocking view of the challenges we face every day in carrying out normal business.

Cases abound of companies being defrauded by hackers who work their way into a stream of email communications, masquerading as a counterparty and providing fraudulent banking instructions. Masquerading schemes are on the rise, with hackers targeting low-level finance staff by sending emails, purporting to be from the CEO or CFO, directing the employee to urgently execute a wire transaction to a bogus account.

What steps should your company take to avoid these scenarios? The defenses are largely old-fashioned common sense and established good practice.

• Never rely solely on email for bank account instructions. Even with “known” counterparties, it can be very difficult to discern if the person on the other end of the email is a hacker. Require written confirmation on company letterhead to be sent via a traceable express mail service. Conduct in-person communication, careful over-the-phone conversations, or videoconferencing to ensure banking instructions are legitimate.
• Use bank documentary collection services to link cash movements with the release of bills of lading and other customs documents. Terms such as CAD (cash against documents) can help address this issue.
• Use Positive Pay services to protect your checking accounts against fraudulent check and ACH (automated clearing house) transactions.
• Take a careful look at the language in your crime insurance policy. Carriers offer extensions for cyber fraud, but the coverage terms can be very limited, and the facts surrounding the fraud may or may not trigger your coverage.
• Meet with company personnel to explain the issue and heighten awareness beyond the finance staff. The staff members working in purchasing, logistics, or other outward-facing functions might well be targeted.
• Finally, don’t be afraid to slow down unusual transactions to allow for diligent confirmation. The daily pressures and urgencies of business, and the lightning speed and seeming legitimacy of email communications make it all too easy for hackers to take advantage.

Electronic communication has become indispensable for us all, and this isn’t going to change. However, be sure to take the steps — and the time — to guarantee that proper controls are in place to protect your enterprise against the inherent risks in the convenience that email offers.

ADDITIONAL SOURCES
• United States Computer Emergency Readiness Team: www.us-cert.gov
• FDIC: www.fdic.gov/consumers/theft
• Internet Crime Complaint Center (IC3): www.IC3.gov