oldtownroad | 2 years ago

It’s trivial to avoid. Do not accept instructions outside of the standard instruction channels. The only reason this scheme works is because of bad processes, bad training or a culture of fear (where employees feel compelled to comply with any demand regardless of process for fear of losing their job).

If an employee routinely receives email or Zoom instructions to transfer $25m without any sort of sign-off then the company is completely at fault for terrible process.

JumpCrisscross|2 years ago

> Do not accept instructions outside of the defined company processes

Most non-enterprise companies have fairly loose wire protocols. That said, outgoing phone calls to two separate signers is a good, simple best practice.

nikanj|2 years ago

The standard instruction channels are so reliably shit, nobody bats an eye if they get an email saying “Teams is on the fritz again, please join us on Zoom instead”.