Vet more: Average internal fraudster has worked for you for 7 years

News by SC Staff

Long-standing employees are one of the most overlooked root causes of data breaches & the average internal fraudster has usually worked for the organisation for seven years, so don't only vet new staff.

Companies are being urged to step up their internal fraud prevention safeguards to protect themselves. UK financial services companies seeing a five-fold rise in data breaches, and Cifas the fraud prevention service, says companies may not realise long-standing employees are one of the most overlooked root causes.

"Internal fraud is one of the most damaging causes of a data breach – and the average internal fraudster has usually worked for the organisation for seven years, so don’t only vet new staff. Make sure you have a really thorough process in place for applicants and existing employees, including a whistleblowing policy to allow colleagues to highlight concerns," said the company in a press statement.

It adds: "There’s lots of ways you can stay on top of your data management. Check who has access to your systems and records. Employees should only be able to access the systems and information they need to do their job. Cifas members have recorded increases in the unlawful obtaining or disclosure of both commercial and personal data by staff, proving this is a growing threat to businesses across a number of sectors."

Companies should also think about how much autonomy employees have when it comes to managing finances, what processes they have to sign off and audit payments and invoices and to ensure staff are fully trained.

Cifas is also spreading the cyber-security message out beyond the cyber-sec industry, warning: "Organisations of all sizes across the public and private sector, not just financial service providers, need to look at their staff training, primarily information security and fraud awareness, to ensure that they are not placing themselves or their organisations at risk. All staff should be educated regularly on how to spot potential fraud attempts – such as ‘phishing’ emails designed to trick staff into letting criminals access their systems."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike