Don't write checks your...accounting system can't cash

Digital & Technology
by Michael Scalamogna
share with a colleague Download PDF

I recently read a startling whitepaper titled “Cash is King: Who’s Wearing Your Crown?” in which two researchers simulated an attack on an accounting system, making changes to the underlying data structure and ultimately causing the system to send payments to malicious parties. In one of the more disturbing examples, the researchers changed customer address and check name records, causing the system to send refund checks made out in their name to an address they specified.

Here are a few steps your accounting system users can take to reduce such a risk:

  • Positive Pay – many commercial banks offer this service. When checks are issued, a file is created listing each check and the amount, and is transmitted to the bank. When checks are processed for payment, they are reconciled to the list provided by your business. If the check is not on the list, the bank will not process that check.
  • Activate and monitor the audit files that are inherent in your accounting system. By tracking what changes were made, by whom, and for what reason, data change management apps may help foil an otherwise damaging attack.  Some tools notify specified users when certain changes are made to the system. Any time a vendor name or address is changed, an email can be sent to notify a group of individuals. Data change management software like KnowledgeSync or Rockton Auditor run in the background and can facilitate this process, requiring human effort only during initial setup and configuration (as well as follow-up on automated alerts).
  • At a minimum, you should reconcile your bank accounts monthly, but with the increasing speed and sophistication of fraudsters, monthly reconciliation may not be adequate.  Reconciling bank accounts more frequently may sound like a daunting task, but many accounting applications have built-in bank reconciliation functionality. If your system lacks this functionality, consider looking for a third-party tool. This is particularly important for businesses with high transaction volume or multiple cash accounts.

Schneider Downs Technology Advisors provides risk assessment and security vulnerability services. Please contact Schneider Downs Technology Advisors for a confidential consultation.

© 2014 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Digital & Technology, Manufacturing BY Peter Frauen
Technology Enhancements Continue to Infuse the Manufacturing World
read more >
Consulting, Digital & Technology BY Robert Morgan
Selecting the Right Partner for your Corporate Performance Management (CPM) Solution Implementation
read more >
Digital & Technology, IT Risk Advisory BY Schneider Downs Professional
President Biden Signs Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence
read more >
Consulting, Digital & Technology BY Michael Scalamogna
What You Missed at Dynamics Community Summit
read more >
Digital & Technology BY Chelsea Sarnowski
Digital Transformation in the Construction Industry – Why So Much Hesitation?
read more >
Cybersecurity, Digital & Technology BY Chelsea Sarnowski
Cybersecurity in the Construction Industry
read more >
Register to receive our weekly newsletter with our most recent columns and insights.
subscribe for updates
most popular
Master Your Credit Card Strategy: A Guide to Maximizing Rewards and Boosting Your Credit Score
Wealth Management
By Jessica Ellicott, Courtney Moriarty | 4.16.2024

Uncover the frequently asked questions surrounding managing your credit cards more effectively and harnessing their potential benefits. ...

read more
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh
Columbus
Metropolitan Washington
Image of Prime Global Logo
follow us client portal

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×
Accept