Gone Phishing - In Professional Development

Gone phishing. Most articles read by Company Directors in 2020 have, in the main, been linked to Covid 19 – and this article is not any different.

During the pandemic, I have received many of your typical ‘phishing’ emails as I’m sure many of you have too.

All Company Directors have a duty to safeguard company assets and protect against fraud, a key responsibility that should be evident in the policies and procedures of any company. At board level, the responsibility for these, and many other matters, remain, however it is through the company’s policies and procedures that power and authority is passed on to others across the organisation to act accordingly.

It is vital, that by meeting formally as a board, you have the assurance coming back to the boardroom that these matters are being managed effectively. After all, working hard in the current climate to generate revenues and make profits is hard enough, but imagine all that hard work being undone by one successful phishing attack which sees funds leave your organisation, never to be seen again.

While you are working hard front of house, it is imperative you make sure the back door is shut and bolted, metaphorically speaking. The lurch into working from home, has extended and become almost business as usual for many organisations in 2020, but this shift has resulted in some very quickly embedded new procedures, informally adopted in the rush to adapt to the lockdown.

To maintain your own assurances, you need to ensure that further risks are not creeping into your business through, for example, unsecure IT networks and a lack of face to face interaction to verify financial payments.

As humans, we rightly want to trust people, and believe those around us are acting with integrity. Sadly, criminals prey on that trust, and in the midst of a pandemic, will play on the distraction too. Phishing attacks are becoming all too sophisticated, appearing genuine, and being deployed through not only email, but by text, WhatsApp and voice message.

So, one arrives in your inbox, you’re not in the office, and the circumstances portrayed are urgent.

What do you do?

• Firstly, stop and think. If this is a fraudulent request, how will you feel explaining this to the shareholder(s) as to how you’ve lost some of their money. I suspect you’ll quickly go through the required checks to ensure authenticity.
• As Directors, make sure you’re checking your procedures and that they are fit for purpose at this time, seeking to mitigate the potential risks you face, while at the same time make sure you have a framework to allow money to flow and business to operate. Basically, don’t sit back and think because you have procedures in place, and that you trust your team, that everything will be fine. Sadly, internal fraud happens too. So yes, of course, trust your colleagues, but have robust procedures in place, and make sure everyone is held accountable to them, no cutting corners ‘on this occasion’ – it’s nothing personal towards an employee, it’s your responsibility.

The working environment, locally and globally, has changed, potentially forever.

Have you changed any of your procedures to reflect that? If not, criminals will be working behind the scenes trying to make your business their business.

Stewart McCombe is the lead tutor on our Finance for Non-Finance Directors and Role of the Director and the Board. If you are looking to upskill your knowledge in any of these areas, speak to us today.