Current at: 09 May 2008
Protecting your Business From Computer-Related Fraud
Mention ‘risk management’ and most people would automatically think of OH&S. That’s not a bad thing, as protecting yourself and your workers from physical harm is a vital part of your business. However, there are other types of risk you should be looking to manage, such as loss through internet-related fraud, scams and employee fraud, and loss caused by human error.
We have put together some practical information to help you identify and evaluate these types of risks and provided some simple suggestions on how you can protect your business.
COMPUTER-RELATED FRAUD
If there was ever a silver lining to computer-related fraud, it would be the vast quantity of time and resources that are dedicated to protecting you and your computer from falling victim to this particular kind of deception.
Following are a few of the most common methods used by would-be fraudsters and the solutions that are readily available in the market to protect against them.
Spyware
What is it?
Spyware is a program that is secretly installed on a computer. It may take personal information, business information, bandwidth or processing capacity and give it to someone else. It is recognised as a growing problem.
How can I protect my business?
There is a wide range of programs especially designed to remove or block spyware. Some major anti-virus firms, such as Symantec™, McAfee® and Sophos™, now also include anti-spyware features in their existing anti-virus products. Microsoft also provide free anti-spyware downloads for several Windows versions. However, keep in mind that when a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data and fully reinstalling the operating system.
Identity theft
What is it?
A large part of online crime is now centred on identity theft, which specifically refers to the theft and use of personal identifying information of an actual person (as opposed to the use of a fictitious identity). This can include the theft and use of personal information of persons either living or dead.
How can I protect my business?
Suggested preventative measures include:
• destroying identifying information before putting it in your rubbish bin
• ensuring that personal information has been removed from redundant equipment, such as old computers, before disposal
• knowing who you are giving your personal information to, e.g. ensure your resume is being provided to a legitimate company
• limiting the amount of identifying personal information on social networks such as Facebook, Bebo and MySpace.
If you do lose personal information or identification, or if it has been stolen from you, taking certain steps quickly can minimise the potential for identity theft.
• Financial accounts: Close accounts, such as credit cards and bank accounts, immediately. When you open new accounts, place passwords on them. Avoid using obvious passwords such as your mother’s maiden name, your birth date, or a series of consecutive numbers.
• Driver’s licence/other government issued identification: Contact the agency that issued the licence or other identification document to arrange for its cancellation and a replacement to be sent to you. Ask the agency to flag your file so that no-one else can get a licence or any other identification document from them in your name.
Phishing
What is it?
Phishing is a technique used to gain personal information for the purpose of identity theft. Phishing involves using a form of spam to fraudulently gain access to people’s online banking details. As well as targeting online banking customers, phishing emails may target online auction sites or other online payment facilities.
Typically, a phishing email will ask an online banking customer to follow a link in order to update personal bank account details. If the link is followed, the victim downloads a program which captures his or her banking login details and sends them to a third party.
How can I protect my business?
Anti-phishing measures have been implemented as features embedded in browsers, as extensions or toolbars for browsers, and as part of website login procedures. This type of software maintains a list – called a ‘live blacklist’ – of known phishing sites and checks the websites you visit against the list.
Alternatively, it only allows access to sites on a ‘live whitelist’. Specialised spam filters can also reduce the number of phishing emails that reach your inbox. Again, be smart about giving out your personal details; e.g. your banking institution will not ask you at random to update your bank account details via email.
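The list check described above can be sketched as follows. This is an added example, not part of the original article or of any vendor's product; the domain names, list contents and function names are constructed for illustration. It shows both modes side by side, including a look-alike address that a blacklist misses because it is not yet known, but that a whitelist still refuses.

```python
from urllib.parse import urlsplit

# Constructed sample lists; a real product refreshes these from a live feed.
BLACKLIST = {"login-update.phish.test"}   # known phishing sites
WHITELIST = {"mybank.example"}            # sites explicitly trusted

def hostname_of(url):
    """Return the normalised host a browser would actually connect to.

    urlsplit() drops any 'user@' prefix, so an address such as
    http://mybank.example@login-update.phish.test/ resolves to the
    phishing host, not to the bank named before the '@'.
    """
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def matches(host, listed):
    """True if host is a listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in listed)

def check_blacklist(url):
    """Blacklist mode: allow everything except known phishing hosts."""
    host = hostname_of(url)
    if not host:
        return "block"          # unparseable address: refuse
    return "block" if matches(host, BLACKLIST) else "allow"

def check_whitelist(url):
    """Whitelist mode: block everything except trusted hosts."""
    host = hostname_of(url)
    return "allow" if host and matches(host, WHITELIST) else "block"

# Constructed sample addresses, as they might appear in an email link.
SAMPLES = [
    "https://www.mybank.example/login",
    "HTTPS://WWW.MyBank.Example./",
    "http://mybank.example@login-update.phish.test/",
    "http://notmybank.example/",
    "http://mybank.example.new-site.test/update",   # not yet on any list
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:50} blacklist={check_blacklist(url):5} "
              f"whitelist={check_whitelist(url)}")
```

The last sample is the case to note: a blacklist only stops sites that have already been reported, so list freshness matters as much as the check itself.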
Internet banking fraud
What is it?
Internet banking fraud is a fraud or theft committed using online technology to illegally remove or transfer money from a bank account. Internet banking fraud is a form of identity theft and is usually made possible through techniques such as phishing.
How can I protect my business?
Fortunately, many banks employ sophisticated software that encrypts the data sent from your computer to the bank via the internet. Other measures that you can adopt include:
• employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses entering your computer system
• using encryption software
• monitoring all email traffic
• knowing who you are giving your personal details to; e.g. use your credit card to pay for online transactions only through reputable companies.