While it is difficult to know exactly who hacked into the firm's computer system, it is obvious how such a violation could occur. This investigation also shows how future problems can be avoided through a few simple but meaningful steps taken by your company.
First, a look at the current operating procedure reveals flaws. Currently, the computer system is programmed to destroy all data after checks have been issued. At first glance, this procedure seems like a good security measure. However, it prevents us from being able to pinpoint who may have written the false checks.
It is important to note that it is possible to gain access to the internal accounting computer through an outside computer. We tried several times and found that for approximately one hour per day, because of system cycles, access was possible.
The result is this: Someone within the firm, who knows the computer system well enough to strike when security is at its lowest, breaks into the system on a daily basis and falsely writes several checks. He or she begins with checks that are not large enough to arouse suspicion and then, either because financial problems worsen or because he or she becomes more bold, starts to write larger checks.
Within minutes after each check is written, the computer itself eliminates the evidence of how it was created. The suspect also knew this process would cover his or her tracks, making detection difficult if not impossible.
I would recommend a close scrutiny of key computer-area employees since the technological knowledge needed to commit this crime was substantial.
To prevent a future occurrence, I recommend several steps be taken, including:
- Creating a set of policies for computer systems usage, from strict guidelines on who can have access to a clear statement that the systems can be used only for business purposes.
- Selection of a person or persons to take full responsibility for computer security. This group would issue encrypted passwords to protect data.
- Develop a system to assess the risk to the company from anyone who has contact with financial information. Watch closely for signs of financial problems among all employees.
While nothing can guarantee against fraud and thefts, these steps will make it next to impossible for anyone to steal company funds in the same way again.