A way forward is awareness training, he recommended. Have it as part of the induction programme for newcomers in a company, get them to sign that they have understood acceptable use policies, and reinforce the message through a series of e-mail, short seminars and screensavers, listed out Stagg.
Technology plays its part
During a fraud investigation, computer forensics is a component that should not be left out, recommended Ramesh Moosa, director, forensic technology solutions, PricewaterhouseCoopers. Computers are filing cabinets with audit trails and these are cold hard facts, he explained. This evidence can be used to prove for or against claims made by people.
Highlighting the case of a local pharmaceutical company where it was suspected of conducting illegal business at the side by its major shareholders in the US, computer forensics experts were able track down evidence of the local shareholder's doings in e-mail and deleted files. With the proof, the offender was forced to relinquish his shares in the company and the company did not have to undergo the unwanted attention of a public lawsuit.
Meanwhile, fraud cases tend to be discovered only by external parties or by accident, observed Shahar Mor, CTO, Sparktech. The uncovering usually happens long after the fraudulent activities have started, he added.
To solve the above issues, companies need to employ data analytic tools that can spot irregular behaviour patterns by employees in real-time. Being able to profile employees, the systems must be able to detect out-of-the-ordinary activities such as irregular working hours and a high number of beneficiary changes per day. It has to also support the entire fraud life cycle from deterrence to prosecution, said Mor.
Sign up for Computerworld eNewsletters.