Data Breaches: Employees Are Your Weakest Link

No matter how much companies spend on digital defenses, hackers often still get in by persuading an employee to click a link or give up a password. Many small business owners still don’t understand the risks that fraud poses to their bottom lines. Small business owners should be proactive and aware of many different types of fraud in order to better protect their employees, their finances and themselves. Here is part one of an article in a three-part series by Fraud Magazine about data breaches and the untrained worker. Take the time to learn more about small business fraud risk and what can be done to mitigate the risks. Enjoy Cathy’s Tuesday Tip! ~ Cathy

Data breaches and untrained workers: Employees are the Weakest Links, Part 1

By Robert E. Holtfreter, Ph.D., CFE, CICA, CBA; and Adrian Harrington

This study shows that untrained employees are the linchpins for most data breaches. Organizations can help prevent them if they’re filled with savvy and aware employees at all levels.

In one of the worst data breaches in 2015, a cybercriminal gang called Carbanak used a simple spear-phishing email scheme to fool employees in more than 100 banks in 30 nations throughout the world. Gang members penetrated employees’ computers with malware that they used to record keystrokes and take screenshots of computers so they could gain access to key employee account credentials and privileges. The criminals now could observe every step in daily cash transfers, impersonate bank officers and steal up to $1 billion in cash withdrawals directly from the banks and from ATM machines.

Data breaches are increasing in volume and scope.

The aim of this article and two subsequent ones will be to help protect public- and private-sector organizations by demonstrating a methodological framework for classifying and analyzing data breaches based on their internal and external causal factors. Our study’s results will help organizations devise security awareness and data protection programs as part of their risk management strategies. They will better safeguard records that contain personally identifiable information (PII) data and other sensitive material.

As this opening case shows, untrained employees are the linchpins for most data breaches. Our study will show that organizations can prevent these frauds if they’re filled with savvy and aware employees at all levels who — similar to fraud examiners — know how to detect and prevent them in their unique spheres.

The case is one of the largest on record although not representative in magnitude of the thousands that various organizations have been identifying and tracking. These include the Privacy Rights Clearinghouse (PRCH), Verizon and the Identity Theft Resource Center® (ITRC).

You can view the rest of this series at these links.

Data breaches and untrained workers: Immunize Your Organization part 2 of 3

Data breaches and untrained workers: Your Biggest Problem? People. part 3 of 3
