Occupational Fraud: 5 Ways to Protect Against Insider Threats
Even with the latest IT safeguards in place to protect against fraud in the workplace, it may be the simple employee errors that you have to worry about.
In fact, BakerHostetler’s 2016 Data Security Incident Response Report found insider human error was the leading cause of incidents.
According to the Kroll Global Fraud & Risk Report 2016/2017, current and ex-employees were the most frequently cited perpetrators of occupational fraud, cyber, and security incidents over the past 12 months. The most common types of fraud were theft of physical assets (29%), vendor, supplier, or procurement fraud (26%), and information theft, loss, or attack (24%).
The 2016 Global Fraud Study showed that the median loss for all cases was $150,000 with 23% of cases causing losses of $1 million or more, and the total loss caused by cases in the study exceeding $6.3 billion.
Here are 5 vulnerable areas in a workplace where employees are most likely to make mistakes – and what an organization can do to protect itself from occupational fraud:
- AT THE PRINTER: An earlier Ponemon study showed that paper documents are most at risk when initially printed and left in a communal office print tray. Protection: A good strategy is to create a best practices standard for printing confidential information, according to the Shred-it State of the Industry Report 2016. Never leave documents unattended at a printer station, and install a program to password-protect printers.
- AT THEIR DESK: An unattended and untidy desk with confidential information left in full sight is a security risk. Through visual hacking, information thieves can steal documents or take pictures with their phone. Protection: Implement a Clean Desk Policy so that employees clear their desks and lock documents away when they leave workstations for an extended period and at the end of every day.
- INFORMATION DISPOSAL: Tossing confidential information into open recycling bins or garbage containers is a huge risk. Protection: Partner with a reliable document destruction company that has a secure chain of custody and provides locked consoles for storing data before secure shredding. Implement a Shred-it All Policy as well so that all paper is shredded at the end of its lifetime.
- IT DEVICES: IT devices make it easy to remove confidential data from the office. Protection: Keep track of IT devices that are used to remove information from the workplace (many organizations have a sign out system). Limit and control what information is removed. Securely destroy storage devices at the end of their life.
- OUTSIDE OF THE OFFICE: While smart phones and other mobile devices allow employees to work at home and in transit, there is an increased security risk due to loss and theft. The 2015 Data Breach Investigations Report showed equipment was stolen from employee-owned vehicles 22% of the time. Protection: Create a Mobile Workforce Policy, and provide on-going security awareness training. Best practices should include secure disposal of information too such as bringing documentation back to the office for secure destruction.
Learn how information security best practices can make all the difference in the workplace.