Jeff Cutler's Keys to Security

Aug 5 2014   9:32PM GMT

Bad Security in One Area is Bad Security in All Areas

Jeff Cutler Jeff Cutler Profile: Jeff Cutler

Tags:
Accounts payable
CEO
CIO
CTO
Finance
IT
Security
Uncategorized

Guess what has two thumbs and just got a check for a project he finished? Oh, yes. This guy.

WP_20140505_11_09_39_Pro

You know what’s wrong with this picture…other than the goofy grin and movie-star good looks? Yes, the check I got was a mistake. I did some writing for them, but the accounts payable team at my client’s office paid me twice. I’m currently figuring out the process for returning the check and getting a new one cut.

But that’s not the issue. The real problem is security-based. If it’s a piece of cake for someone like me to breach systems and get paid multiple times for a job I only did once, how tough could it be for a hacking cartel to find their way into that system. Furthermore, if this is happening on a broader scale, maybe our entire economy is at risk.

While it’s not as scary as someone hacking into NASDAQ or the NYSE, it still is private money and that’s got to come from somewhere. In the case of my double check, or double payment, the slip-up happened because of emails and bad record-keeping. The department for whom I did the work followed protocol when I sent in my estimate and forwarded that estimate to accounts payable. When I completed the project, I sent in an invoice using the purchase order number issued to me.

Somewhere along the line, A/P started the payment process with the knowledge that the project was underway and monies would be paid out. Then, when a ‘second’ invoice (they must have treated the estimate also as an invoice) came in, they added that to the same purchase order and cut a check.

Fixing this would simply require a database that can compare invoice numbers and dates and other possible duplicate fields. On my check (look at me calling it my check even though I’ve got to return it), there is a department-generated invoice number created by the computer and then an invoice number that corresponds with the invoice I supplied.

Is it earth-shattering? Will the company go under because they paid me $36,000 instead of $18,000? Is this a security breach on the level of the Target or Costco events? For all three questions the answer is no. But if there are issues with tracking money, accounts, invoices and vendors at this level, there likely are bigger issues behind the organization’s IT services and security.

Ultimately, I shared this story because it’s important to realize that issues at one level can indicate bigger issues at other levels and it’s bad business to wait until the walls fall down around you to start examining what you could have done differently. Treat business systems as if you own them – I’m talking to you finance and IT and any C-level executive – and you’ll have less to worry about at the end of the day.

In what ways have you seen little problems blossom into bigger ones at your firm or others? Share in the comments. Next week, I’ll have video content for you! Until then, be safe!

2  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Genderhayes
    Someone will have "ALL' of your information that is available or sell it to an unsuspecting buyer don't put certain information out on the internet knowing it can be accessible especially with "hackers"
    7,440 pointsBadges:
    report
  • Jeff Cutler
    That's the problem. The latest currency is information. And it's used to get currency. We should all be vigilant and a little paranoid. Thanks for writing. Jeff
    290 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: