Since fraud cannot be stopped, it can however be mitigated in many areas.
By Jack Loo
01 Dec 2008
Fraud is prevalent among enterprises’ today, and the current economic climate is making things worse—a message shared at the Asia Fraud Conference.
“When times are bad, people would resort to means to make ends meet as a result,” said Larry Lam, managing director, McGuire Asia, who organised the event.
While removable media devices such as USB drives and memory cards are gaining in popularity for their ease of use and ability to store large amounts of information, perpetrators are also realising that their fraudulent activities can be easily carried out, pointed out Richard Stagg, director and managing consultant, Handshake Networking, who was a speaker at the conference.
“A 2006 study by Deloitte shows a 50-per cent rise in leaks of confidential information and that is primarily attributed to the increasing numbers of removable devices. Staff can walk out with massive amounts of confidential information of their organisations,” said Stagg.
He pointed out these devices are small and can be easily smuggled in and out of the office premises. And technological advances have seen a never-ending rise of memory capacity. “In year’s time we can even see USB drives with a memory capacity of one terabyte—imagine what one can do with it?” he said.
Besides the fraudster, there is also the employee who is careless or worse, has no regard for security procedures. “Make it idiot-proof and someone will make a better idiot; someone will do something so amazing that you will not have thought of,” said Stagg.
In response to these threats, there are a number of methods used. One simple way involves disabling USB ports. But these means peripherals like mouse and keyboard, which are connected to the workstation through USB ports, cannot be used as well. Another is to purchase device control software that can permit and deny authorised devices as well as generate logs to record breaches. However, such applications are costly and require management, said Stagg.
But these solutions do not address the main underlying problem—people, he explained. “It doesn’t matter how many technical countermeasures you set up, someone will either decide that he or she is exempt from these rules, or have a good reason to work around things.”
A way forward is awareness training, he recommended. History has shown that such a method works, for instance people do recognise that floppy disks and CD-ROMs can carry malware, he added.
Have it as part of the induction programme for newcomers in a company, get them to sign that they have understood acceptable use policies, and frequently reinforce the message through a series of e-mails, short seminars and screensavers, Stagg suggested.
In today’s difficult economy climate, while organisations are busy keeping costs down, the need to safeguard vital information—an important asset of the company—is of upmost importance. Since fraud cannot be stopped, it can however be mitigated in many areas—managing people and their use of memory devices is one.
A staff writer with Fairfax Business Media, Jack Loo is a full-time web and magazine reading addict, from bbc.co.uk to webmonkey and monocle.
