Recently, it has come to light that Save the Children Federation was swindled into wiring $1 million to cybercriminals. The money was allegedly going to buy solar panels for health centers in Pakistan, which is well within the scope of the organization’s standard operations. Unfortunately, the transaction was not uncovered as fraudulent until a month after it occurred, so the organization was unable to stop the cybercriminals from making off with the funds.

Thankfully, insurance paid out all but $112,000 of the stolen million. Nevertheless, with the right set of internal financial controls in place, this incident could have been prevented. If hackers are willing to target organizations like Save the Children Federation, they will have no qualms about targeting your business. So, stay ahead of the hackers. Check out our list of procedures your business can implement to minimize the risk of theft:
- Avoid clicking links provided in emails as an avenue for making payments.
- Assign one person to cut checks and authorize a separate person to sign them.
- Only allow checks to be signed after they are completely filled out and there is documentation, such as an invoice or written approval, available to support them. Never sign a blank or partially filled-out check.
- Require two signatures on checks above a certain limit. Similarly, have an additional person (or two) sign off on significant wire transfers.
- Always call the recipient of a wire transfer directly, to verify account numbers before sending funds.
- Ensure all new vendors and bank account instructions are confirmed over the phone and not via email.
- Place someone in charge of monitoring your business’s bank account and transactions daily. This way, if anything out of the ordinary occurs (e.g., double charges, unusual payments, or unauthorized transactions), you can act right away.
- If anything seems odd, call your bank right away and ask them to investigate.
- Perform bank reconciliations against your accounting software every month.
- Implement a layered approach to cybersecurity at your business. Be sure your security setup includes endpoint security, email filtering, a firewall, and staff training on identifying phishing emails.
It’s important to have solid financial policies and procedures written up and distributed to all your staff. Then, it’s all hands on deck to ensure that the procedures are followed and enforced. Revisit the protocol once a year and revise it as you see fit. Be sure to account for changes in your business environment and strengthen areas where you have experienced issues. Have questions? Give us a call at 402.398.9580. We look forward to hearing from you.