All Posts Tagged: email compromise
It’s widely known that internal staff can be one of the biggest threats to a company’s information and security. I’ve recently published a detailed article on this topic in CIO Banking Outlook, and this blog post summarizes several highlights.
Two types of “insider threats” have been identified by many security experts: the Accidental Fraudster (good employee, breaking bad) and the Career Criminal. These two problems need to be addressed differently.Accidental fraudsters
The leading theory of occupational fraud asserts that three factors must be present for fraud to occur: pressure, rationalization, and opportunity. Removing just one of these factors makes it less likely the fraud will occur. An approach we’ve implemented here at Bank of the West is “Be Noisy” to help reduce the perceived opportunity.Make noise
Banks have multiple controls, but they are not always evident to insiders; therefore they may perceive an opportunity to get away with fraud. Call out unusual behavior with your controls by sending email alerts to employees and managers. Here are some examples of using existing controls in a “noisy” way:
- Odd-hours access: Nefarious activity commonly takes place after business hours. Create an odd-hours access alert and send an email to the team member, copying the appropriate level of management to ask for an explanation about why access is necessary at that time of day.
- Excessive fee reversals: Research indicates that negative activity tends to start small and escalate. Finding potential policy violations, like excessive fee reversals, can catch and stop negative behavior before it escalates.
- Exfiltration of data: Data can be stolen in many ways (e.g., email, web or cloud uploads, and through removable storage). When you see attempts to send large amounts of data in these channels, send an alert to the team member so that the activity is logged and reviewed.
- Accounts payable: Analysis of accounts payable data cross-referencing employee information may turn up potential conflicts of interests or misappropriation of funds. Investigating phone, address, and other personal information may turn up interesting connections.
These processes only take a few minutes for all parties involved, but they promote the best outcome: Keeping the honest employee honest.Career criminals
Career criminals will steal from you quickly. Try not to hire them. This is best addressed through good interview methods and background screening. Noisy monitoring can help catch negative behavior early and thus mitigate the damage of a career criminal. These will normally be the true positives in your noisy monitoring system.
I would encourage you to be innovative. The technology investment for these approaches is minimal; in most cases you may be able to leverage existing controls and data.Read More ›