Often times when we think of gangs, we think of criminal activities. We do not often associate gangs with billions of dollars in white collar fraud. In 2015, that is exactly what a cybercriminal gang did. Carabank was intelligent enough to infect companies with a simple malware that recorded the keystrokes from their employees. Carabank then had the ingenuity to take this information and turn it into over a billion dollars of cash withdrawals.
According to Fraud Magazine, “Over 26% of data breaches could be traced back to two things: the improper protections and disposal of data and the loss of data. 26% of data breaches can also be traced back to employees either being careless with information, or not following good judgement. The solution is to bestow the ability upon all of their employees to use good judgement. That is one possible solution, however it is not the simple solution that we are striving for.”
A simple solution is to only give access to employees that need the information, and implement basic internal controls. For example, if you have a company of 50 employees, and only 3 employees have access to sensitive information, as an employer you are only concerning yourself with the possibility of 6% of your workforce causing a data breach.
As an employer, what steps can be taken to ensure the trusted 6% do not cause irreversible damage to your company by not using good judgement? The simple solution is to make the employee accountable for the information at all times and be provided the right amount of support.
If your employees use laptops, ensure the basic internal controls are in place if the laptop is stolen. Then you will know your information is protected. Make sure your employees are sending the data to a trusted source or an individual employee that needs the data. Train your employees to spend the extra few minutes shredding the data instead of just throwing it away. In my opinion, the solution to this problem could not be any simpler.