Learning from the $1 million insider micropayment scam
Luke Walling
Picture a solid business, much like your own, with good prospects and high ambitions for the future. Sitting at his desk in your office is your in-house accountant. Let’s call him Bob. Bob is a quiet kind of guy. He puts in his hours – and more when needed – without complaint and without a fuss. To all who meet him, Bob seems to be a model employee. Until auditors come in to go through the financial records. Then you find that over the last few years Bob has been making a regular series of small transfers – micropayments – from your business bank account to his own. So many transfers, in fact, that good old Bob has extracted $1 million from company funds. To the bank, it just seemed like regular business: transfers too small and regular to ring alarm bells about fraud. To you … well, you were looking at the big numbers on the spreadsheet, not the micropayments.

It’s a true story

That in-house accountant almost pulled off a million-dollar crime under the radar. And you can bet that his bosses felt they’d made a million-dollar mistake.

You see, data has a habit of moving around a business. Think you know where your confidential records are? Customer records, employee files, bank details and designs or workflows that govern what you do and how you do it? Those records are where you think they are – but they aren’t as locked-down as you think. And there’s a good chance they’re not being used in quite the way you would hope.

It’s likely some of that data – whether in part or complete – exists somewhere else in your business too. Maybe there’s a version of some records on an employee’s desktop or random folder on a server or in the cloud? It’s their working draft. Or how about the odds that it has been emailed out of the business so a co-worker can work on it at home after office hours? They’re not stealing it. They’re just prepping for Monday’s pitch or presentation. But what might sound like a diligent co-worker trying to do a good job is a real data security risk.
Once sensitive information is outside your security perimeter, you’ve lost control of where it goes next. If you work in an industry where maintaining and protecting records is a legal requirement, you’ve got a compliance headache. If not, I’d bet you still don’t want that information in the hands of a competitor or worse.

And yes, you’ll feel the pain of not taking proper care of confidential business data in a number of ways. There’s the inevitable cost of cleaning up: staff training, better IT, new workflows. There’s the lost time and business disruption. And there’s the reputation damage to manage after you’ve informed customers or employees that records have been compromised.

Want to know the typical costs and primary risk factors? Want to know the chances of surviving a data breach? Check out Safetica’s free Quick Guide to Data Loss Prevention and explore the insider threat to confidential information.

But first ask yourself: could someone do to your business what Bob did? If your answer is yes, you may want to include data security on today’s to-do list.