Amid widespread reports of UK companies seeing a fivefold rise in data breaches, Cifas has urged companies to step up their internal fraud prevention safeguards to protect themselves. The fraud prevention service has also highlighted that companies may not realise that long-standing employees are one of the most overlooked root causes of data breaches.

A spokesperson said: “Internal fraud is one of the most damaging causes of a data breach – and the average internal fraudster has usually worked for the organisation for seven years, so don’t only vet new staff. Make sure you have a really thorough process in place for applicants and existing employees, including a whistleblowing policy to allow colleagues to highlight concerns.”

“There are lots of ways you can stay on top of your data management. Check who has access to your systems and records. Employees should only be able to access the systems and information they need to do their job. In previous years, Cifas members have recorded increases in the unlawful obtaining or disclosure of both commercial and personal data by staff, proving this is a growing threat to businesses across a number of sectors.”

The fraud prevention service also urged companies to think about how much autonomy employees have when it comes to managing finances and to ensure staff are fully trained: “Many frauds go undetected because staff are left to manage finances on their own – companies need to think about what processes they have to sign off and audit payments and invoices.

“Organisations of all sizes across the public and private sector, not just financial service providers, need to look at their staff training, primarily information security and fraud awareness, to ensure that they are not placing themselves or their organisations at risk. All staff should be educated regularly on how to spot potential fraud attempts – such as ‘phishing’ emails designed to trick staff into letting criminals access their systems.”

https://www.cifas.org.uk/