Fraudster spotting

Want to learn how to spot the fraudsters on your network? It may be the person you least expect...
Written by Will Sturgeon, Contributor
Long-serving male executives are more likely to defraud their company than any other demographic group according to research from KPMG.

While the likelihood of fraud undoubtedly owes more to an individual's position within the company than gender or age, 70 per cent of fraud is committed by male employees and 40 per cent is committed by staff working in the finance department.

KPMG expressed alarm at the seniority of execs defrauding their companies, but others would argue that is hardly surprising those closest to the money - with 'the keys to the safe' - are committing the crimes more than those with relatively few security privileges.

However, the news still suggests companies have a long way to go in terms of physical and digital security.

A number of companies are recognising this need for a greater marriage between physical and digital security - monitoring people's movement through the building and the network and flagging up anomalies - such as working late or coming in at the weekend to access drives not critical to their 'day job'.

Simon Perry, divisional vice president of security strategy at Computer Associates, believes companies need to be smarter about what employees are doing on the network and in sensitive documents – particularly around the end of somebody's contract or around the time of their resignation.

One of the most common forms of corporate fraud involves employees sharing sensitive data with a rival - often one they are joining, thus gaining an advantage over the previous employer.

"Companies need to inform people that 'we know you're going to a rival company and we know what files you've been looking at over the past few weeks'," said Perry, adding that a gentle reminder of legally-binding confidentiality agreements signed previously is often enough to dissuade a would-be data thief.

But this is all dependent on companies having to hand data about what employees have been looking at on the system – thus raising the need for closer monitoring.

Perry said: "You have to be able to find out what people have been doing on the network and you need to be able to find that out quickly."

According to Perry the responsibility for combating such fraud must be shouldered by IT, HR and security.

Editorial standards