printer friendly version

Realtime prevention and detection of fraud a governance reality

Every day across South Africa employees are busy stealing confidential company data and, bosses, in many cases, are not even aware the theft has taken place.

Business and data security has become a critical issue in companies of all sizes around the world. Moving from what used to be an issue for the IT department to handle, it is now a topic for the boardroom. Unfortunately, most companies see security as some form of external threat and think firewalls and anti-virus solutions provide all they need until confidential data is stolen.

"While malicious hacking, spyware, Trojans and other assorted security threats are real problems and are on the increase globally and in South Africa, the primary threat of data loss and fraud originates internally," says Amir Lubashevsky, CEO of Magix Integration. "The proliferation of technology has resulted in great productivity improvements in corporations, but it has also made it easy to steal information or manipulate it for personal gain. And although most people are honest, there is always a minority that sees nothing wrong with helping themselves to company property, whether it is a stapler or the customer database."

In most instances, companies eventually discover significant cases of fraud and can address areas of weakness to make it harder for people to repeat the crime. However, detection is generally too late as fraud not only costs organisations in terms of money and weakened customer relationships, but, if publicised, can lead to acute embarrassment for the company as well.

The best way to prevent fraud, especially when technology is used in its perpetration, is to use technology to automatically detect and raise the alarm in realtime, as the fraudsters act. Stopping fraud before the losses mount is the best solution for the company, its shareholders as well as those employees focussed on doing an honest day's work.

"Tools exist that can be installed on an organisation's server that function independently of the company's IT applications and platforms," adds Lubashevsky. "These solutions are able to monitor specified people, applications and business processes in realtime without alerting users of the surveillance or adversely affecting the performance of enterprise applications."

Instead of waiting for an historical fraud report, technology can assist companies in monitoring their business practices and catching any anomalies by looking at productivity, data movement, file access, realtime work, broken procedures, up time of systems and illegal activities. For example, should an insurance claim be logged, investigated and authorised by the same person, the system will immediately notify the audit department, allowing them to investigate and nip the problem in the bud in realtime.

In days gone by, CCTV cameras could be installed in filing rooms to protect and track information. In the information age, the only way to protect against fraud is with security software integrated into the organisation's business rules, governing what employees can and cannot do. To ensure the legality of such systems, companies must implement these systems with the help of specialised partners such as law firms and auditing companies.

Of course, many executives still consider security the domain of IT. Lubashevsky says this is the worst attitude to have, as new compliance regulations will ensure "bosses, board members and executives need to worry about the concept of jail time versus realtime. In other words, the risk is on the shoulders of executives if they choose not to implement realtime security measures".

Share this article:

Further reading: