So Many E Mails, So Little Time

David Stelzl, author of the new book Data @ Risk, due out this fall, is one of the year’s most sought after speakers.   At the upcoming CELAES Bank Security Conference in Miami in October, Stelzl will address the problems resulting from our era of digital data and fast transactions.   His topic:  How to Stop the Unauthorized Transfer of Digital Money – The Executive’s Guide to Stopping the Greatest Transfer of Wealth in History – YOUR DATA.

And, it is not only your DATA that is being transferred.  It’s also your MONEY.   Your employees are transferring billions of dollars out of accounts every year.    TIME has become our enemy.

You don’t have to be as big as Boeing or TESLA to be an attractive target.   At the speed of a click, an employee can send YOUR MONEY or YOUR DATA  to accounts around the world.

According to Stelzl, email compromise has increased by a eye-popping 1300% in just the past year.   He estimates that 95% of intellectual capital today is digital, and probably 50% is in clear text.   To say the email compromises are growing at “astronomical rates”, to use his terms, is an understatement.

And it is not only BOTs carrying malware that present a risk,– but simple email scams that your anti virus/anti malware won’t detect still work very well.   How well?   Over the past year, roughly $3,1 billion worldwide has been transferred, of which nearly $1 billion came out of the United States according to the FBI.

How does it work?  Stelzl describes the process for us.     “ An email is sent from the boss to someone with the ability to transfer funds. The account information is provided, with a request to transfer $10,000 for example.   It may be a partnership deal, customer refund, or payment to a vendor. The person doing the transfer doesn’t have TIME to research it – they just transfer the money and go on to the next task.  ……  No one’s asking questions.”

According to Stelzl,  companies tend to focus on the technology and forget the employees.  Companies don’t run social engineering drills.   They don’t conduct cyber awareness training.  They may lack procedures.  Controls may not be followed when the email request comes from “the boss”.    And on the technology side, email servers need to be secured so they are not spoofed.  And for an annual fee, white lists of approved senders can be created.

Learn more about how you can secure your digital data at the upcoming CELAES Financial Security Conference on October 3-4, 2016 in Miami.