printer friendly version

Insider fraud and technology

Monitoring employees as they go about their daily work is frowned upon in most South African businesses, but this is changing as more companies realise that most fraudulent losses are the result of insider activity. The alarming results of a study into insider fraud recently found that this type of crime typically costs 5% of revenue.

And it is not new employees that do the most damage. Published in May 2012 by the Association of Certified Fraud Examiners (ACFE), the report says that the longer a fraudster has been employed, the higher the losses they cause^[1]. Moreover, almost 90% of fraudsters have no history of fraud-related conduct, further reinforcing their trusted status.

“If it is logical to assume that signing an employment contract does not turn a sinner into a saint overnight, why do companies believe that employees are automatically trustworthy?” asks Hedley Hurwitz, MD of Magix Security. “Monitoring your employees is not an invasion of privacy, but a simple business process that monitors how they do the jobs they are paid for.

“If you trust someone with confidential access, you do not object every time they do their job. However, if they do it too often, or from remote locations after hours, the anomaly should be flagged and the transaction suspended until an investigator can confirm its authenticity.”

Hurwitz adds that it is very difficult to recover money once it has gone since it takes up to 18 months to identify insider fraud, according to the survey. Hurwitz believes there are four primary areas in which companies must monitor employee activity.

1. Infrastructure must be regularly monitored. It does not help to have fancy forensic systems if there are holes in the fence. For example, poorly configured firewalls and open shares can present a back door to a hacker of average talent.

2. Active Directory (AD) must be regularly monitored. AD is a single, secure database designed by Microsoft that tracks all user accounts and passwords in an organisation. Monitoring and auditing the health of AD is essential to ensure there are no ghost users or account impersonators. It also ensures that users are limited in what they can do and access according to the rules set by the company.

3. Exchange Server must be regularly monitored. Exchange Server is Microsoft’s e-mail and collaboration server. It is an unstructured repository of vital data, but if it is unsecured and unmonitored, unauthorised people can easily gain access to sensitive content.

4. Monitoring of databases and file servers. This ensures only authorised users gain access to sensitive files. Historical access data can also highlight the origins of leaks and the activities of users suspected of illegal activities.

Trust, like respect, is earned. Employers today cannot simply assume their employees are trustworthy, nor can they keep writing off fraud as a cost of doing business. Using technology to monitor employees’ activities seamlessly is the only way to effectively cut insider fraud and prevent losses.

[1] http://www.securitysa.com/7529a

Share this article:

Further reading: