By Kate Williams, CPA, CISA – IT Security & Compliance Partner
As a society, we are becoming increasingly aware of phishing scammers—thieves who conspire to steal credit cards or private financial information. We’ve all heard stories of people being robbed of their savings, their money sent off to a Nigerian prince or some other far-fetched scheme.
At Maxwell Locke & Ritter, we are particularly interested in a more sophisticated trend involving fake company invoices, in which a scammer targets companies and their customers with fictitious invoices and payment options. For example, a phishing scam may replicate an invoice and send it to the accounting department, directing that the funds be wired to a scammer’s account as payment for services. Later, when the fraud is discovered, neither the business nor the customer can identify who requested or received the funds, so there is no easy avenue to reverse the scam or neutralize the damage.
CNBC has reported on scams against both Google and Facebook totaling over $100 million in stolen funds, so even the greatest tech giants have fallen victim to a well-executed scam. The Gartner 2020 Board of Directors Survey reports that cybersecurity is a big topic of conversation among executive teams and boards of directors, with an estimated 40% advocating for a dedicated cybersecurity committee by 2025. And the Federal Trade Commission has singled out this rising threat in a helpful report educating consumers on how to recognize and avoid phishing scams that use fraudulent emails, texts, or copycat websites to get victims to share valuable personal information.
To help mitigate these risks, our firm offers effective solutions for companies seeking to fend off sophisticated cyber-scams. Two of these are:
Internal Controls Assessments are performed by our local team of Certified Public Accountants and Information Security Auditors as part of our IT Security services. These assessments provide a way to identify risk areas and implement controls specifically designed to mitigate risks without being overly burdensome or time-consuming. Our Internal Controls Assessments are tailored to each company based on industry, applicable regulations, company size, financial systems, and IT architecture.
Maxwell Locke & Ritter also offers SOC for Cybersecurity examinations for companies and non-profit organizations. This particular type of “audit” is an entity-wide assessment of your organization’s cybersecurity risk management program, providing a trusted framework to communicate your data protection and information security capabilities to your customers. The report details your cybersecurity efforts according to a formal risk management framework in such a way that executives, investors, and other business partners can understand them.
So, before a scam happens, we provide our clients with an avenue to identify risk areas and implement controls to prevent and mitigate them. Paired together, these independently certified evaluations are designed to be useful both internally, to address and mitigate your unique security risks, and externally, as a communication platform to share with existing and prospective customers. Together they serve to build confidence in the safety and reliability of your systems.
For experienced assistance, please contact us for a consultation. We look forward to helping you reach your security and compliance goals.