Valuable Insight from a Cyber Hack

Posted by & filed under Credit.

Sep 16, 2021

Written by a long time and experienced NACM Member

Remember when you used to receive an incoming fax on a roll of glossy fax paper…that eventually faded so you couldn’t read the original fax transmission?  Or using a typewriter (first manual, then electric) to generate correspondence instead of creating a Word document on a computer??  How about handwriting phone messages and delivering them to the desk of the intended recipient before the inception of voice mail?

Advancements in modern technology continue to revolutionize processes in our day-to-day work environments that had, historically, been manual.  Those technological developments have helped to streamline workflow and communication, especially to those working in credit, accounting, and finance. 

In our inordinately busy lives, we forget the importance of having the luxuries of technology that help us become more efficient in our jobs.  We are so used to having these tools and resources available, we can become complacent and (possibly) too reliant on having all our documents and files accessible and stored in our computers. 

Since credit managers are responsible for the risk management of our company’s Accounts Receivable portfolio, we rely on constant access to an aging, customer contact information, collection notes, credit file documentation, sales and payment history, just to name a few of the most critical pieces of information you need to manage your normal job responsibilities.    

Having recent firsthand experience dealing with the impact and fallout from a cyber and ransomware attack at work, the prudent thing to do is share knowledge with YOU, the NACM membership, and provide ‘food for thought’ about how you can minimize the impact to you and your employer if something like this happens to you in the future.

It’s virtually impossible to know how long you might be restricted or limited from restoring access to information on your desktop computers, servers, stored documents, and files in your database.  Our company has been impacted by this cyber security infiltration for 10 weeks and counting.  We still do not have full access to files, applications, and documents that we had prior to this cyber hack.      

Everyday TASKS!  This is Valuable insight and lessons learned from having our entire computer system incapacitated … and losing complete visibility of our A/R system.

  • Can you make collection calls without computer access?
    • Consider having a detailed aging in a printed format that includes customer’s phone, A/P contact name, credit limit, and due dates of open items. 
  • Do you have access to incoming cash receipts?
    • Cash Receipts & Posting
    • If you have access to incoming payments but can’t post to clear open A/R balances on your customer’s accounts, do you have a process to update account balances manually? 
    • What about receiving confirmation of incoming electronic forms of payment – credit card, ACH, wire?  
  • Can you send out a credit application and perform a credit investigation on a new / prospective account?
    • Forms – Think about the forms you use every day!
    • Do you have these documents in a printed format that you can scan and forward, as needed?
    • Examples: Credit application, personal guaranty, bank authorization, W9, sales tax exemption certificate, statement of account, 10-day demand letter
  • Do you have frequently used web sites and passwords written down anywhere?
    • We hear this all the time: Don’t keep passwords written down anywhere – RIGHT?!
    • But — what if you suddenly need them?
    • What web-based links do you use all the time where your username and password automatically save after your initial access so the only requirement for subsequent access is to ‘click and go’ when that information auto populates?
  • Your Contacts
    • Professional Contacts, e-mail addresses, phone numbers
  • What processes do you have in place to ensure you maintain control of credit?
    • Initially, you feel like you have lost all control…
    • How can you manage new sales orders to review for credit approval?
    • Orders already written that are on credit hold
    • Monitoring realistic credit limits
  • Exclusively using the “Cloud” to back up your files is NOT fool proof…
    • Data Storage / Backup considerations
  • This might be a “Biggie” – PERSONAL information
    • Do you access anything on your work computer that can be tied to your personal information??
    •  In the event of a cyber security failure, has any of your own personal information been compromised?
  • Think about it…

This information is intended to help generate thoughtful consideration for having a critical account, credit, and A/R information available either in a printable format or stored in multiple sources in the event of a catastrophic computer disruption to your daily workflow.  Dealing with this recent cyber hack forced our team to creatively ‘think outside the box’ to ensure credit controls were in place, to the best of our ability.  Having to transition to a manual business operation is a massive challenge… appreciate the tools and technology we use every day as credit and risk managers and how that can potentially change in the blink of an eye.    

Comments are closed.