Wearing Layers: Maybe Having a Dedicated Machine For Treasury Transactions Makes Sense
Many treasury groups toy with the idea of having a separate machine or even an independent network for treasury transactions. The vast majority do not do this, even if they won’t originate transactions on BYOD (90% won’t) or mobile devices (88% won’t). The reasons vary. It costs too much. It is too hard to manage our email and work activity on two different devices. It really doesn’t matter that much.
Let’s pause this discussion for a moment and then restart it shortly.
Business Email Compromise (BEC) is also known as imposter fraud or man-in-the-email fraud. As noted in AFP Online (http://bit.ly/AFP_SCAMS), the impact is significant. Billions have been lost in the US alone. The rate of fraud has risen dramatically over the past year. In the Strategic Treasurer and Bottomline Technologies 2016 Treasury Fraud and Control Survey, we looked at fraud globally, and fully 77% of respondents had been exposed to these types of fraud attempts in the past two years. And over 10% of those companies had suffered a loss.
Now, some of you might be thinking: “If the business email compromise gets employees to make bogus payments, how will a separate machine prevent that…the same people will use their credentials and will suffer the cashectomy anyway.” We appreciate this thought and that you are thinking through the issues. We really do.
We believe, and many generalist cybersecurity experts state, that we need to think of security as layers. There is not a single wall or security protocol that stops everything. By having various layers, we are more apt and able to catch or stop fraud attempts. It is harder to get through.
We mention a separate machine as one of various layers that should be considered by many organizations. Why? It will inhibit hacking and spear-phishing, as this will not be an email-exposed machine. It will likely make the process of overruling the payment policy that says “email approval of wire transfers is NOT an acceptable method” a bit more difficult, as the data/request will not be on the same machine. And the inconvenience will serve as a daily reminder of the need to be secure and a bit more skeptical.
While this will be too much for some organizations, it will be a great additional layer for other companies. And if, by helping companies to think about the layers of security they have, several crimes are prevented – that is good news for them. Finally, it is helpful to the treasury profession as we work to change the economic model for these crimes.