What’s happening: It’s not just businesses that are losing money to cybercriminals. This post shows that schools are also at risk. We can conclude, by inference, that not-for-profits are being hit as well. The news just hasn’t surfaced.
What it means: Every small and medium size organization is at financial risk from cybercrime.
What to do: Management must get on top of this problem. Check bank transactions daily. Train staff to recognize cybercrime danger signs. Tightly manage technology controls. Consider a separate PC used only for on-line banking. Check your cyber-insurance. Be prepared to sue your bank: Email our Guide An Emerging Information Security Minimum Standard of Due Care to your attorney.
Brian Krebs: Washington Post: A gang of organized cyber criminals that has stolen millions from businesses across the United States over the past month appears to have turned its sights on public schools and universities.
On the morning of Aug. 17, hackers who had broken into computers at the Sanford School District in tiny Sanford, Colorado initiated a batch of bogus transfers out of the school’s payroll account. Each of the transfers was kept just below $10,000 to avoid banks’ anti-money laundering reporting requirements, and went out to at least 17 different accomplices or “money mules” that the attackers had hired via work-at-home job scams.