What new risks are companies facing and what resources and tools are being used to mitigate cyber threats? It is important that business units understand that cyber risk is a business risk and not just an IT risk. What role does treasury need to play?
A session at NeuGroup’s Global Cash & Banking Group meeting recently took on these questions. The session prompted members to think more about protecting themselves from cyberthreats, with the presenter describing an automated payment tool the company developed for its own use.
The goal was to secure emails between the company and its banks and to also eliminate email requests from treasury payments. To that end it created a wire request tool that doesn’t accept email requests, thereby minimizing the risk of fraud via the highly popular impersonation attack. The process involves an upload between the wire request tool and the ERP (in this case SAP), that eliminates the need for re-keying information, which cuts down on human error.
And to be further secure, the company protects the tool from internal bad actors who may try to gain access to the tool’s algorithm. The company has given control of it compliance, which it sees as a critical part of the security and control system.
The issue resonated with members, many of whom told stories of hacks that started with opening email received from a working address within the company, or clicking on an ‘unsubscribe’ button that released malware; or clicking on a tracking link for a package.
The presenter also addressed the need to protect against internal bad actors. It did this by creating a ‘red team’ that went undercover to expose weaknesses in security by, for example, having an outsider put in a flash drive at someone else’s computer to download data without a password. The session revealed that there is a real need for internal education about improving cybersecurity throughout organizations. One message to spread: take a go-slow approach, be more inquisitive about unclear emails; ask more questions before clicking on links or opening email.
Speed, it seems, can be the enemy of security.