March is Fraud Prevention Month in Canada and so we thought it would be a great idea to outline some of the things that Long View does to help both our staff and customers avoid IT fraud.
IT fraud is something most reading this will be familiar with. Basically, it’s instances of someone using technology for personal gain or to cause a loss to another party. The theft of information is typically the most common type of IT fraud, where the perpetrator then uses the information in a fraudulent way.
The 2013/2014 Global Fraud Report, a survey conducted by Kroll, reported that information theft rose 4% in 2013, with 22% of respondents saying they had been affected by that type of fraud.
It requires constant work and improvement to keep ahead of information theft. A key problem is that the technology to prevent IT fraud trails the technology people use to do it. This is why you’re constantly reminded to update your security software and settings – it may seem like an annoying thing, but it’s an important step in keeping your device secure.
Long View takes a best practice approach to dealing with IT fraud, our methods and processes are quite detailed and comprehensive, but for the purposes of the post I’ll summarize them. You can always contact me for more in depth information.
Our system works to prevent technological IT fraud, and to mitigate the ‘human factor’ that is often involved.
1. Our Service Management Office provides centralized Information Security Management System functionality to the company and to our business. The program ensures a standardized and consistent approach to IT security.
2. Information Security Management System program based on the most up to date industry best practices.
3. Technology alone can’t prevent IT fraud, so we’ve developed IT security and privacy policies to set user processes and procedures for all employees. We set a culture and behavior with our employees to ensure awareness.
4. The technology itself: solutions to detect and prevent IT fraud. This is our IDS/IPS, antivirus software, firewalls, SIEM, and our patch and vulnerability management.
5. An incident response process that ensures we react quickly and responsibly.
6. Regular IT security training for staff
7. Internal IT security audits
8. External IT security audits
9. Monitoring and continuous improvement of the above!
A number of recent events in the media have heightened awareness of IT fraud. The Target credit card theft over Christmas, recent Adobe security breach, and the reported Apple OS vulnerabilities are just some better-known examples.
Knowledge in the general public is growing, but it is critical that both corporations and individual citizens practice the habits that help them remain secure online. This post was a pretty high level overview of what a corporation needs to do, next time we can break it down into individual tactics that people can practice.
Happy Fraud Awareness Month – here’s to staying out of trouble.
Follow me @SeanDMcLeod