Secure data key to risk management

Securing corporate data is no longer a job restricted to IT departments.
By Amir Lubashevsky, Director of Magix Integration.
Johannesburg, 06 Feb 2006

With new and corporate governance regulations, executives have to take a more active role to ensure security policies meet the risk management and governance requirements of their organisations.

Recent surveys have shown that malware (malicious software) attacks have increased by 650% in the past three years. More importantly, 70% of these attacks have been perpetrated by employees of the targeted organisations.

Every day across SA, employees are busy stealing confidential company data and bosses, in many cases, are not even aware the theft has taken place.

Technology part of the problem

The proliferation of technology has resulted in great productivity improvements in corporations, but it has also made it easy to steal information or manipulate it for personal gain.


Developers, service managers and database administrators are normally given clearance to the most sensitive data and are therefore most likely to be involved in theft of information.

Information theft is likely to occur wherever employees see nothing wrong in helping themselves to company property, whether it's a stapler or the customer database. However, information is the lifeblood of a company and failing to protect it can result in serious consequences.

What would happen if a company's financial information were compromised? Legally the company might be liable for damages and customers may turn to another supplier if they do not feel secure in their business relationship.

Companies with large customer databases rich with information are most at risk from internal theft.

Prevention better than cure

In most instances, companies eventually discover significant cases of fraud and can address areas of weakness to make it more difficult for people to repeat the crime. However, when it comes to fraud, prevention is better than cure because fraud not only costs organisations in terms of money and weakened customer relationships, but, if publicised, can lead to acute embarrassment for the company.

Instead of waiting for a historical fraud report, technology can assist companies in monitoring their business practices and catching any anomalies by looking at productivity, data movement, file access, real-time work, broken procedures, system uptime and illegal activities. For example, if an insurance claim is logged, investigated and authorised by the same person, the system will immediately notify the audit department, allowing them to investigate and nip the problem in the bud in real-time.
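The insurance-claim check described above can be expressed as a streaming segregation-of-duties rule. The following is an added example, not code from the article or from any product it refers to; the event fields, step names, account-name normalisation and sample audit trail are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Steps that, per the article's example, one person must not perform alone.
CONTROLLED_STEPS = frozenset({"logged", "investigated", "authorised"})

@dataclass(frozen=True)
class Event:
    claim_id: str
    step: str
    user: str

class DutyMonitor:
    """Alert once when a single user completes every controlled step on a claim."""

    def __init__(self, steps=CONTROLLED_STEPS):
        self.steps = frozenset(steps)
        self._seen = defaultdict(set)   # (claim_id, user) -> steps performed
        self._alerted = set()           # violations already reported

    def observe(self, event):
        """Return an alert dict if this event completes a violation, else None."""
        step = event.step.strip().lower()
        if step not in self.steps:
            return None                 # unrelated workflow step
        # Assumption: account names are case-insensitive ("Bob" == "bob").
        user = event.user.strip().lower()
        key = (event.claim_id, user)
        self._seen[key].add(step)
        if self._seen[key] == self.steps and key not in self._alerted:
            self._alerted.add(key)
            return {"claim_id": event.claim_id, "user": user,
                    "steps": sorted(self.steps)}
        return None

def scan(events):
    """Feed events in arrival order; collect the alerts raised."""
    monitor = DutyMonitor()
    return [a for a in map(monitor.observe, events) if a]

# Constructed sample audit trail (not real data).
SAMPLE = [
    Event("C-1001", "logged", "alice"),
    Event("C-1002", "logged", "bob"),
    Event("C-1001", "investigated", "carol"),
    Event("C-1002", "investigated", "Bob"),
    Event("C-1001", "authorised", "dave"),
    Event("C-1002", "authorised", "bob "),
    Event("C-1002", "authorised", "bob"),   # replayed event must not re-alert
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print("notify audit:", alert)
```

Claim C-1001 passes because three different people handled it; C-1002 raises exactly one alert at the moment the third step is recorded, even though the account name varies in case and whitespace and the final event is replayed.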

There are numerous methods and strategies that can be employed by companies to protect their information. These include real-time monitoring of the relevant databases as well as of users' habits. Should any unexpected data access or transfer take place, an administrator should be warned immediately.

Technology part of the solution

The best way to prevent fraud, especially when technology is used in its perpetration, is to use technology to automatically detect and raise the alarm in real-time. Stopping fraud before the losses mount is the best solution for the company, its shareholders as well as those employees focused on doing an honest day's work.

Tools exist that can be installed on an organisation's server and that function independently of the company's IT applications and platforms. These solutions are able to monitor specified people, applications and business processes in real-time without alerting users to the surveillance or adversely affecting the performance of enterprise applications.

Vandalism is also a potential threat. Professionals should be hired to assist the company in running regular vulnerability auditing and database risk assessments to help find and eliminate the weak points in systems and databases.

In days gone by, CCTV cameras could be installed in filing rooms to protect and track information. In the information age, the only way to protect against fraud is with security software integrated into the organisation's business rules, governing what employees can and cannot do. To ensure the legality of such systems, companies must implement these systems with the help of specialised such as firms and auditing companies.

Shifting responsibility

Many executives still consider security the domain of IT. This is the worst attitude to have because new compliance regulations will ensure bosses, board members and executives need to worry about the concept of jail time versus real-time. In other words, executives will have to face the consequences if they choose not to implement real-time security measures.

Implementing a disaster recovery plan is also advisable, but it must be part of a comprehensive security approach. A technically competent employee could always ensure both the original and backups are corrupted. That means if something goes wrong, there may be no way to recover.

Of course, money will have to be spent on implementing this security, but this will only be a fraction of the costs involved if data is stolen or corrupted.
