Preventing internal fraud

Preventing internal fraud

Over 80% of fraud originates from inside a business.  Now, I’m sure like me you will say something like “but all my staff are top people!” Well, Like it or not, this is a fact.

Edward Snowden

So how can you better protect your business from an ‘Edward Snowden’ character, and the internal fraud issue that could occur?  First of all let’s look at who Edward Snowden was, and what his motivation was.  He was employed at the National Security Agency (NSA) in the USA.  The British equivalent, GCHQ works closely with NSA, in areas such as Counter Terrorism, and crime prevention such as serious organised crime and large-scale fraud.

Mr Snowden disagreed with some of the NSA’s practices, and leaked information about ‘back-door’ mechanisms in place in common software and websites ranging from the Angry Birds game, to European mobile phone company’s systems.  The PRISM project allow the two intelligence organisations to ‘receive’ emails, video clips, photos, voice and video calls, social networking details, and logins held by a range of US internet firms.

Small businesses

Edward Snowden is a really talented IT expert, and had system administrator access to many NSA networks and servers.  He systematically downloaded 1.7 million intelligence files from many US agencies.  The equivalent for a small business owner would be for a disgruntled member of staff, or someone who is about to leave your business, downloading all the contacts from your CRM system, finance system, or copying strategic business plans onto a memory stick, and walking out the door.

Protect your business

To reduce the risk of an internal breach of this scale, I have several recommendations.  Limit the number of people with administrator access.  Segment data and allow access to data via user groups.  Disable the use of USB memory sticks.  Limit the size of email attachments to 10MB, so that emailing data to personal email accounts is restricted.

Link to BBC article

person typing on keyboard to represent internal fraud occurring