4 Checklists That Could Save Your Company Money

/

AUTHOR’S POST

Mandy Moody
ACFE Social Media Specialist

It sounds counterintuitive to say, “Happy Fraud Week” to my coworkers every year around this time, but I have to admit that I genuinely get excited for a week dedicated to sharing content and resources that ultimately strengthen the fight against fraud. Less fraud; more education: This, in fact, does make me happy.

This week has brought a multitude of tremendous supporters - more than 700 - to the forefront of the fight. From South Africa to California, I have seen seminars, conferences, white papers and more cross my screen over the past few days. We have had more than half a million tweets about International Fraud Awareness Week, and it’s only Thursday.

In the spirit of collaboration, I wanted to share with you some of the valuable “top” lists that I have seen light up on my dashboard this week:

Find more resources, highlights and coverage at FraudWeek.com. Also, http://www.twitter.com/TheACFE and search for #FraudWeek for real-time updates.

TMI: The Blurry Line Between Professional and Personal Data

/

SPECIAL TO THE WEB

Robert Tie, CFE, CFP
Contributing Editor, Fraud Magazine

Some of us complain about the blurring boundaries between our work and personal lives, but fraudsters love it. Why? Because the way many of us use personal email accounts and social media sites influences our approaches to working on corporate systems. However, the relatively indiscriminate sharing of personal data that so many consumer websites encourage is antithetical to the safe use of corporate information resources.

"Users are the predominant vector for cyber attacks on corporate systems," said Jim Butterworth, CFE, an ACFE faculty member and chief security officer at HBGary, a cyber-security consultancy in Sacramento, Calif. "Fraudsters know that the user is the weak link in system security."

Recent research shows how serious and widespread this problem is. In September, Symantec Corp., a maker of anti-virus software, released its 2012 Norton Cybercrime Report, which found that in the prior 12 months an estimated 556 million people around the world fell prey to cybercrime.

Responses to Norton's survey of more than 13,000 adults in 24 countries revealed that even though users were aware of the security risks they face online, many still didn't take steps to mitigate those dangers. While 75 percent of users said they believed cyber criminals focus on social networks, only 44 percent took advantage of applications that can protect them at such sites and only 49 percent use those sites' privacy settings to limit how much and with whom they share information.

When such computing habits persist at work, they can threaten the safety of corporate systems and hurt the bottom line. Another study, released in October, paints a clear, worrisome picture of how badly organizations need — but often don't have — effective cyber security programs.

The 2012 Cost of Cybercrime Study conducted by the Ponemon Institute, a privacy and security think tank, under the sponsorship of tech giant HP, found that the average annualized cost of cybercrime incurred by a sample of U.S. organizations was $8.9 million — 6 percent more than in 2011 and 38 percent more than in 2010. The 2012 report also found that the average corporation experienced 102 successful cyber attacks a week, up from 72 attacks a week in 2011 and 50 attacks a week in 2010.

It's clear that organizations — and the CFEs who serve them as employees or consultants — need to come up with effective countermeasures quickly. Sometimes, though, that's easier said than done.

HUMAN FRAILTY

Case in point: In October, a client of Butterworth's firm requested a routine assessment of its system security. During its analysis, HBGary discovered that five of the client's PCs were infected with a remote administration tool (RAT), a form of malware that surreptitiously executed commands the hackers sent it while the PC was connected to the Internet. HBGary also found that the hackers' software had been in place for more than two years, secretly monitoring the client's system and transmitting confidential information to a group that Butterworth's firm determined is located in China's Shandong province — the same region to which Google traced hackers who broke into its system in 2011.

Read more about Butterworth's case in the full article on Fraud-Magazine.com.

5 Proven Analytic Methods to Discover Fraud in Data

/

GUEST BLOGGER

Scott Patterson
ACFE Media Relations Specialist

To wrap up Fraud Week, I’d like to pass along some words of wisdom from one of this year’s new Official Supporters, Centrifuge Systems. Renee Lorton, Centrifuge’s CEO, wrote to us about the importance of analyzing and evaluating data in any effort to detect and prevent fraud.

“Big data is everywhere. Customer data. Social networking data.  External watch sites. Industry lists,” Lorton wrote. “With more data comes the opportunity for hidden crimes of collusion -- criminal rings of behavior that span global business networks. International Fraud Awareness Week is a call to action to tame this jungle of data.” 

So these tips are for the “data guardians.” Lorton provides five proven analytic methods to discover fraud in your data:

  • Integrate disparate data sources enabling your analysts to connect the dots and reveal the truth. This could include business line data, fraud alerts, customer transaction records, employee data or invoices.
  • Profile your data first. Charts and histograms can be very effective ways to understand the data values you are working with. These initial profiles will point you in the right direction for more advanced analysis which may include creating new variables and defining relationship maps.
  • Extend your current analysis techniques to include interactive data visualization. You will find that different forms of charts, time lines, tables and relationship graphs reveal unique insights that predictive technologies and rules based systems simply can't find.
  • Use "visual cues" when analyzing relationship graphs. These can include link directions, size of nodes and width of links. These visual cues allow you to quickly identify interesting parts of the graph. For example, you can quickly pinpoint people with similar addresses or large financial transactions.
  • Document and share insights throughout the investigation. As you reveal key findings, hidden relationships or unusual behavior, document your results. Tracking the discovery process over time will be invaluable as you educate others on how you arrived at your conclusions. Sharing results with other fraud analysts should speed up the investigation.

Thank you to Centrifuge Systems, and all of our Official Supporters, for making this an amazing week of raising awareness and shining a spotlight on white-collar crime.

Until next year...