Fraud, by its text book definition,
is an intentional deceitful act made for financial gain or to malign other
individuals / companies good will and is considered to be a criminal activity.
With the rapid rise in technology, frauds are a significant threat to any type
of business and cause both financial as well as reputational losses. Fraudulent
activities are on rise and surprisingly many of those come from internal
sources and not from external sources. Hence the organizations are facing hard
time detecting and preventing the frauds. Despite major advances in fraud
detection and prevention technologies it is difficult to entirely eliminate
fraud since the fraudsters are often the smart and white collar people who know
in and out of the system and the business. Hence the need arises to put
controls in place which can ensure that frauds can be nipped in the bud and any
malpractice should be able to send out early warning signals to the business.
However technology being a double edged sword this is sometimes easier said
than done.
That being said fraud prevention / detection does not have to be rocket
science. Even basic due diligence, ideas like maker checker concept can do a
long way in helping companies protecting their assets and reputation and here
are some of them
- A periodic review of information security management controls on the IT systems, network and data security services is essential. This may get viewed as a huge investment but need not be so. Even simple steps can go a long way in protecting company sensitive data. For example
- Have a well defined user access management policy for granting / modifications of access
- Having a strong physical environment policy
- Restricting uploading of files to external sites
- Restriction on attachment sizes for emails
- Scanning of emails being sent to external and personal accounts
- Restriction on USB ports and printers
- Sensitive information should be discarded in such a manner that it does not remain available to anyone. Fraudsters can retrieve sensitive information from “disposed off storage devices”, for their benefits. In financial institutions a person’s name, address, DOB are valuable and fraudsters can use this information to manipulate someone’s identity and commit fraud under someone’s else name. This is where again technology can work for or against you. Data disposal techniques can help companies erase sensitive data completely so that even if someone does lay their hands on the device information cannot be obtained.
- Another emerging trend which can also be categorized under the same bracket is “Industrial espionage”. One important thing to be considered to prevent this from happening is conducting a background check before hiring employees. By performing background checks companies can get to know about the past records, or any other fraudulent activities if any.
- With so much of company data being available online(especially for public listed companies) businesses should secure their websites by adding the security services of SSL/TLS to standard HTTP communications which will indicate to it users / customers that the website is secure. This should be done especially by the banking institutions and ecommerce websites since transactions happen over such websites and users share their credit card details. Such websites should also be compliant to Payment Card Industry Data Security Standard (PCI DSS) standards. This increases user confidence in conducting transactions over the website and enhances the company reputation.
With all the
fraud prevention mechanisms being put in place the truth is that it is not
technology that commits a fraud. It is technology in the wrong hands that
causes a problem. Hence it is very important to tackle this aspect of fraud
preventions. All users must be educated on the company policy do and don’t. The
company should have a zero tolerance policy towards any fraudulent activity
that has been committed. Users should be encouraged to come forward and report
and wrong doing that they suspect. This can be encouraged by helping them do
this anonymously. Organizations need to understand that technology, only with
the right human support, can help in preventing frauds and that it cannot be
the other way around.
With Manage IT as your IT solution provider,
with its ITIL based Manage Security Module it helps you enhance IT Security
efficiently.
About Author:
Dimpy Thurakhia is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at dimpy.t@spluspl.com