This story is not for the faint of heart. Turn back all ye’ who fear tales of cyber criminality and the potential loss of business funds due to complacency of your crew. A lesson will be learned by the end, I assure you! But along the way there be financial security questions all spoken softly within the closed parameters of a company conference room.
…What the–?? Still here, be ye’?!? A’right then, consider ye’self warned.
During a routine financial reconciliation, a business partner of ours uncovered some mysterious transactions on the company visa card. It hadn’t raised enough flags and waited to be reviewed at the weekly finance meeting. The transaction statement read thusly:
- Item 1 – An amount of about $10k was removed
- Item 2 – the balance was re-paid, almost in full
- Item 3 – another, similar, amount was removed
- Item 4 – the balance was re-paid again, almost in full
The end result, after 4 transactions, was a difference showing total loss of about a dollar fifty (or “$1.50”) (or, “one dolla-fitty”).
The loss of $1.50 won’t close your doors for good (and if it will, speak to your trusted partner in bankruptcy today!) but a mysterious transaction is a mysterious transaction.
The bank was called, they were quick to assure the senior finance person (let’s call him “Joe Finance” for anonymity) that any transactions not performed by the cardholder would be remediated and a new card could quickly be re-issued. Joe decided if the transactions were insured, there was no need for a new card at this time.
Now comes the point in the story where we’d like you to Choose Your Own Adventure!…
- If you think Joe has the issue is resolved, turn to page 23!
- If you think the Joe should continue looking into this and decide on what further steps are required, turn to page 12!
- If you only scrolled down to see what the deal with The Hardy Boys book was, you may go.
Page 23? You are wrong! Now Joe is fired and the business has been dissolved due to cybercriminals. Nice one.
At the weekly financial meeting, Joe was asked what the next step would be to resolve this. Confusion escaped from Joe’s lips with a short, quiet “uhh” that extended until he was thankfully interrupted by the business’ owner,
“Do we know how this person got access to the account to perform these transactions?”, she asked.
“We don’t know.” Joe proclaimed.
“Should we find out?”, asked the business owner.
“Well,” continued Joe, “If we just keep an eye on things, the transactions can be reversed, so let’s keep an eye on it….”, after a pause, Joe confessed, “…because if we get a new card, I’ll have to call all our vendors and business partners and update our payment information with a new card number. That would take half the day.”
After a further pause, Joe continued, if only to fill the silence, but really he had discovered the answer that was in front of him all along “We should get a new card. This is a security issue and we have no idea if they have our credentials, a second card, a second account or what they may do with the account next time.”
The finance meeting ended shortly after.
A new card was issued, all the credentials and passwords for the account were changed and all the vendors and business partners were called and updated with the new card number for transaction processing for the business.
And Joe, well, ol’ Joe learned a valuable lesson in thinking ahead to the next steps.
Complacency is Not the Answer
Further imagine what else could be done to the account, if left unchecked. If the reason the credentials were hacked cannot (or even if it can) be identified, it is in your best interest to update all credentials for the account: within the business, within the bank and online.
Thinking ahead to the next steps of an issue is typically referred to as the “ownership mentality” only because the bottom line impacts the owner personally, it’s their business after all. We feel it’s possible to get buy-in from your entire team on the importance of mysterious transactions, mysterious invoices, emails, phone calls and anything that seems “out of the ordinary” that could negatively impact your company.
The simple act of pausing and asking a few questions, including:
What happens next?
What happens after what happens next?
What is the final result and did we miss anything….?
Want to know more questions to help get further buy-in from your team? We are open to revealing our thoughts on the matter!