Part V: CEO Fraud – Risk or Reputation – Who Is a Target?

This category of cybercrime may be labeled CEO fraud, but that doesn’t mean the CEO is the only one in the criminal’s crosshairs. The HR team, the IT manager, C-level and other senior executives and anyone with finance approval are also likely to be on the receiving end of one of these attacks.

Finance: The finance department is especially vulnerable in companies that regularly engage in large wire transfers. All too often, sloppy internal policies demand only an email from the CEO or another senior person to initiate the transfer.

Cybercriminals usually gain entry via phishing, spend a few months doing recon and formulate a plan. They mirror the usual wire transfer authorization protocols, hijack a relevant email account and send the request to the appropriate person in finance to transmit the funds. As well as the CFO, this might be anyone in accounts who is authorized to transfer funds.

HR: Human Resources represents a wonderfully open highway into the modern enterprise. After all, it has access to every person in the organization, manages the employee database and is in charge of recruitment. As such, a major function is to open résumés from thousands of potential applicants. All the cybercriminals need to do is include spyware inside a résumé and they can surreptitiously begin their early data gathering activities. In addition, W2 and PII scams have become more commonplace. HR receives requests from spoofed emails and ends up sending employee information such as social security numbers and employee email addresses to criminal organizations.

Executive Team: Every member of the executive team can be considered a high-value target. Many possess some kind of financial authority. A hacked executive email account generally gives cybercriminals access to all kinds of confidential information, not to mention intelligence on the type of deals that may be ongoing. Thus executive accounts must receive particular attention from a security perspective.

IT: The IT manager and IT personnel with authority over access controls, password management and email accounts are further high-value targets. If their credentials are compromised, the attackers gain entry to every part of the organization.

No matter the size of the company, the involvement of the CEO and communication with their staff are critical to the company's leadership, livelihood and success.

In the next post, find out about ~ Board Oversight and Fiduciary Duty ~ Think Before You Click!

Tina Louise ~ ~ 888.871.6584
