security awareness accounts payable - sign invip.alltech.com/phish/shared documents/english...
WELCOME
SECURITY AWARENESS
Presenting:
• Connie Thompson MIS
• Peter Swail Internal Audit
ACCOUNTS PAYABLE
WHY THE EDUCATION?
Profile
1. Phishing emails
2. Mandate fraud
SECURITY AWARENESS ACCOUNTS PAYABLE
• More than 1 in 3 companies are impacted by economic crime
• In 72% of companies that suffer from fraud, at least one person inside colluded with the fraudsters
• 24% of organisations reported cybercrime in 2014. This will increase to 30% in 2015
WHAT IS PHISHING?
Email spoofing fraud where a scammer entices you to:
• reveal confidential information
• pay money to a fraudulent account
• give them access to your computer
WHAT TO LOOK FOR
• [email protected] vs
• Misleading link
• Urgency
• A reward
• A link, an attachment or a phone number
WHAT SHOULD YOU DO?
• TPL, Alric Blake, Flora Djojo, Maksim Halauniou or any Vice President will never request a money transfer without a confirmation call
• You MUST confirm the request:
– Call/text/email the source using known contact phone numbers from the Alltech address book
– Lync confirmation
• Do not reply using the original email as you will be replying to the fraudster
WHAT SHOULD YOU DO?
1. Contact the bank to stop and retract the wire
2. Forward the fraudulent email to Tim Arthur, Mike Castle, Alric Blake, Flora Djojo, Maksim Halauniou and Peter Swail
3. Inform your manager
4. If you have shared your Alltech password, change it immediately at selfhelp.Alltech.com or call the ASSIST line anytime at 1-859-305-1654
WHAT IS MANDATE FRAUD?
Impersonation by phone, email, or post of a legitimate supplier requesting a change in the payment/bank account details which results in a payment to a fraudulent account.
WHAT TO LOOK FOR
• Inconsistencies or inaccuracies in the letterhead, address, signature or other component of an email or letter requesting a change in bank details
• Communication that threatens, conveys urgency, or asks for irrelevant information
WHAT SHOULD YOU DO?
• Do not change any vendor information until you have confirmed the details with a trusted source via a call
– Verification should not be made through the contacts in the ‘change of details’ communication
WHAT SHOULD YOU DO?
1. Contact the bank to stop and retract the payment
2. Forward the fraudulent correspondence to Tim Arthur, Mike Castle, Alric Blake, Flora Djojo, Maksim Halauniou and Peter Swail
3. Inform your manager
4. Contact the vendor
COMPLETE THE PROGRAM
• https://aspen.alltech.com/sites/Campus/Training/Phish/SitePages/Phish.aspx
• Read
– ‘How to spot a phish’
– ‘Security Awareness – Accounts Payable’
• Complete
– Department of Defence online training
– Aspen survey
COMPLETE THE DOD PROGRAM
http://iatraining.disa.mil/eta/phishing_v2/launchpage.htm
TAKE THE SURVEY
https://aspen.alltech.com/sites/Campus/Training/Phish/Lists/Finance%20Team%20Training/overview.aspx