Keeping your company safe from monetary theft from cybercriminals is something every business needs to be on top of. A common method used by cybercriminals to steal is through hijacked emails. Cybercriminals target unsuspecting victims by gaining unauthorized access to emails by way of Spam, malware, phishing emails, compromised websites, and software exploits. Policy Procedure image

In 2017 hackers took advantage of a widely known exploit in Microsoft Office where PowerPoint slideshow decks infected with malicious code were used in spear phishing emails. Spear phishing as opposed to phishing emails targets specific individuals or companies--rather than sent in mass--to obtain unauthorized access and infect networks with malicious code. While this flaw in Microsoft was used to spread banking Trojans, and ransomware, other spear phishing efforts have been intended to gain unauthorized access to email accounts of key decision makers. The monetary loss to business can be significant as cybercriminals can use company email accounts to make (what appear to be) legitimate request for wire transfers and other important financial transactions. 

Having manual procedures in place for verification of financial transactions is a necessary yet simple safeguard to take in order to avoid theft. 

Set an internal policy for manual checkpoints before completing critical financial transactions—e.g., wire transfers, deposits, vendor approvals, etc…  

When receiving electronic communication for approvals or directives dealing with money changing hands, always get verbal confirmation.