TRENDING:

The Fraud Blog with Tracy Kitten

Insiders: Security Risk No. 1

Banks Are Failing at Setting Internal Risk Controls Tracy Kitten (FraudBlogger) • January 13, 2012    
Insiders: Security Risk No. 1

Organizations, financial institutions included, get too comfortable, and they forget about checks and balances. No one wants to think a member of the team could steal from the company, or worse, from a customer or client. But it happens, as the teenaged McDonald's employee so quickly proved.

See Also: Live Webinar | Software Security: Prescriptive vs. Descriptive

Let's also not forget that internal fraud can be unintentional. Sometimes, employees just make mistakes.

Employee education is paramount. Most employees want to do the right thing; they just need to be told how. 

The Social Security number breach at Wells Fargo comes to mind. The privacy breach has spurred attention from the Connecticut attorney general, who's asked Wells executives to explain why the bank released Social Security numbers in copies of subpoenas it mailed to state officials and customers named in the subpoenas. [See Wells Questioned About Privacy Breach.]

Wells has been very apologetic. But the damage is done.

So what steps could Wells and McDonald's have taken to avoid the internal hiccups that resulted in massive customer privacy breaches? An employer can't monitor the actions of every staff member 24/7. But basic policies and procedures that clearly define what is acceptable could have made a big difference.

Internal policies about security and the need for corporate and client or customer privacy are critical. Employees often don't understand or appreciate how and when a customer's identity can be compromised, or a corporation's internal systems can be breached. Employee education is paramount. Most employees want to do the right thing; they just need to be told how.

Clearly written policies and procedures set expectations, and establish a culture of high standards. It takes more than technology. Organizations need employees monitoring each other. Well thought-out policies ensure staff members feel comfortable blowing the whistle when they see another employee bucking the rules.

With a little forward thinking, most of the internal breaches from which businesses suffer today could be thwarted, or at least severely diverted before massive financial and reputational casualties result.



About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years' experience, she covered the financial sector for 10+ years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Certificate Lifecycle Management Just Got More Strategic
Certificate Lifecycle Management Just Got More Strategic
Securing Your Building Management System
Securing Your Building Management System
Analysis: 'Cybersecurity Call to Arms'
Analysis: 'Cybersecurity Call to Arms'
Analysis: REvil’s $50 Million Extortion Effort
Analysis: REvil’s $50 Million Extortion Effort
Supreme Court Ruling in Facebook Case: The Implications
Supreme Court Ruling in Facebook Case: The Implications
Case Study: Tackling CIAM Challenges During the Pandemic
Case Study: Tackling CIAM Challenges During the Pandemic
Can Evidence Collected by Cellebrite's Tools Be Trusted?
Can Evidence Collected by Cellebrite's Tools Be Trusted?
Protect the Brand: Online Fraud and Cryptocurrency Scams
Protect the Brand: Online Fraud and Cryptocurrency Scams
Healthcare Risks: Unprotected Databases, 'Shadow IT'
Healthcare Risks: Unprotected Databases, 'Shadow IT'
Going Beyond HIPAA to Protect Health Data Privacy
Going Beyond HIPAA to Protect Health Data Privacy

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.