Learn to spot the fraudsters on your network

It may be the person you least expect...

By Will Sturgeon, 28 April 2004 09:35

Long-serving male executives are more likely to defraud their company than any other demographic group, according to research from KPMG.

While the likelihood of fraud undoubtedly owes more to an individual's position within the company than gender or age, 70 per cent of fraud is committed by male employees and 40 per cent is committed by staff working in the finance department.

KPMG expressed alarm at the seniority of execs defrauding their companies, but others would argue that it is hardly surprising that those closest to the money - with 'the keys to the safe' - are committing the crimes more than those with relatively few security privileges.

However, the news still suggests companies have a long way to go in terms of physical and digital security.

A number of companies are recognising this need for a greater marriage between physical and digital security - monitoring people's movement through the building and the network and flagging up anomalies - such as working late or coming in at the weekend to access drives not critical to their 'day job'.

Simon Perry, divisional vice president of security strategy at Computer Associates, believes companies need to be smarter about what employees are doing on the network and in sensitive documents – particularly around the end of somebody's contract or around the time of their resignation.

One of the most common forms of corporate fraud involves employees sharing sensitive data with a rival - often one they are joining, thus gaining an advantage over the previous employer.

"Companies need to inform people that 'we know you're going to a rival company and we know what files you've been looking at over the past few weeks'," said Perry, adding that a gentle reminder of legally-binding confidentiality agreements signed previously is often enough to dissuade a would-be data thief.

But this is all dependent on companies having to hand data about what employees have been looking at on the system – thus raising the need for closer monitoring.

Perry said: "You have to be able to find out what people have been doing on the network and you need to be able to find that out quickly."

According to Perry the responsibility for combating such fraud must be shouldered by IT, HR and security.

Comments

There are 4 comments.

  1. Geoffrey Darnton

    What other behaviour is to be expected when we live in a culture predicated on greed, and market forces are supposedly the most 'efficient' way of allocating resources? While such a culture is dominant, statistical reality is likely to prevail, to the extent that greed will be fed overtly (directors awarding themselves massive pay deals?) or covertly (the kinds of behaviour you describe in the article). How many people do you know who can say "I am satisfied when I earn £xK" (where x is a realistic, modest sum)?

  2. anonymous

    What percentage of employees with such access are women? I would guess less than 30% ... If so this would indicate that in fact women might be more likely to commit fraud than men.

    Articles such as this are utter nonsense unless backed up with proper statistics. Silicon.com should know better.

  3. Geoff Sloan

    Adopting a 'do as you would be done by' approach would help. Can the business that happily takes advantage of 'goodies' that a new employee ships in with justifiably complain when an ex-employee does the same with their new employer?

    If job candidates knew they'd be off the shortlist for this kind of behaviour they wouldn't be taking a doggy bag of their previous employer's data with them when they left. Business ethics - doesn't have to be an oxymoron.

  4. Drew Edgar

    Fine words from a firm of accountants & auditors renowned for sacking their staff by email, who themselves were the subject of fraud charges brought by the SEC over Xerox and whose disastrous introduction of a computerised accounting system at Cambridge University almost brought the University to its knees.

    Were they as auditors to competently carry out their “professional” duties, the scope for fraud would be much reduced and the likelihood of detection & prosecution vastly increased.

    Though KPMG may well be considered the “best of a bad bunch” it comes as no surprise that they adopted LLP status, in a transparent endeavour to evade responsibility for their actions/inactions.

    How many IT Consultants could behave with such crass arrogance?
