Article

Luke Walling

Luke Walling is General Manager of Safetica North America and a veteran of the security industry. Based in North Carolina, Luke has built several successful start-up businesses, some of which are now traded on the New York Stock Exchange.

Luke Walling has written 1 articles for SB Informer.
View all articles by Luke Walling...

Learning from the $1million insider micropayment scam

Luke Walling

November 23, 2016


5.0/5.0 (1 votes total)
Rate:

Picture a solid business, much like your own, with good prospects and high ambitions for the future.

Sitting at his desk in your office is your in-house accountant. Let’s call him Bob.

Bob is a quiet kind of guy. He puts in his hours – and more when needed – without complaint and without a fuss.

To all that meet him, Bob seems to be a model employee. Until auditors come in to go through the financial records.

Then you find that over the last few years Bob has been making a regular series of small transfers – micropayments – from your business bank account to his own.

So many transfers, in fact, that good old Bob has extracted $1million from company funds. To the bank, it just seemed like regular business: transfers too small and regular to ring alarm bells about fraud.

To you … well, you were looking at the big numbers on the spreadsheet not the micropayments.

It’s a true story

That in-house accountant almost pulled-off a million-dollar crime under the radar. And you can bet that his bosses felt they’d made a million-dollar mistake. You see, data has a habit of moving around a business.

Think you know where your confidential records are?

Customer records, employee files, bank details and designs or workflows that govern what you do and how you do it? Those records are where you think they are – but they aren’t as locked-down as you think.

And there’s a good chance they’re not being used in quite the way you would hope. It’s likely some of that data – whether in part or complete – exists somewhere else in your business too. Maybe there’s a version of some records on an employee’s desktop or random folder on a server or in the cloud? It’s their working draft.

Or how about the odds that it has been emailed out of the business so a co-worker can work on it at home after office hours? They’re not stealing it. They’re just prepping for Monday’s pitch or presentation. But, what might sound like a diligent co-worker trying to do a good job is a real data security risk.

Once sensitive information is outside your security perimeter, you’ve lost control of where it goes next.

If you work in an industry where maintaining and protecting records is a legal requirement, you’ve got a compliance headache. If not, I’d bet you still don’t want that information in the hands of a competitor or worse. And yes, you’ll feel the pain of not taking proper care of confidential business data in a number of ways.

There’s the inevitable cost of cleaning up: staff training, better IT, new workflows. There’s the lost time and business disruption. And there’s the reputation damage to manage after you’ve informed customers or employees that records have been compromised.

Want to know the typical costs and primary risk factors? Want to know the chances of surviving a data breach?

Check-out Safetica’s free Quick Guide to Data Loss Prevention and explore the insider threat to confidential information.

But first ask yourself: could someone do to your business what Bob did?

If your answer is yes, you may want to include data security on today’s to-do list.


                   



Add comment Add comment (Comments: 0)  

Advertisement

Partners

Related Resources

Other Resources