
Sound tricky? It's certainly walking a fine line but it's something companies must do, says SAS...
Published: 15 September 2005 12:10 BST
Companies are being urged to do what they can to protect themselves against potential fraudsters within their organisation before an individual has the chance to strike - and it's a process which can begin as early as the application stage.
It sounds impossible - to spot something which is by its very nature unexpected - but it falls within the remit of risk management and risk mitigation and there are practical steps many companies are currently not taking, according to security experts.
Non-obvious relationship analysis and CV analysis are among the methods being proposed at the earliest stages of the detection process. And further on down the line companies must do all they can to ensure employees only have access to data they need for their jobs and can only access it and use it in ways identified as necessary for their job, said Peter Dorrington, fraud investigator at software vendor SAS.
Companies are slowly waking up to the fact that their greatest threat may be posed by individuals within the organisation, especially if they put a high value on their intellectual property.
Jay Heiser, research VP at Gartner, said it is impossible to gather "statistical evidence on how much stuff is leaking out through the door" because it is dealing with the unknown. It is certainly going on but those who have been caught could represent the tip of the iceberg.
And even when a company knows how much data has been leaked that figure still offers no indication of the damage which could be caused in the short and long term.
Heiser said: "How can you ever quantify the damage that could be caused if somebody walks out the door with your list of prospects? What is the value of losing that information? It could be nothing or it could put you out of business."
CV analysis is an area of growing interest, although its accuracy and relevance have been widely questioned.
SAS' Dorrington said: "Only the discursive parts of a CV are relevant for analysis but within those there are certainly statements of falsehoods or crossovers with other CVs which can be identified."
A computer can recognise statements which have occurred in multiple CVs or CVs which are identical in all but a few details but this is still a case of flagging up CVs for human scrutiny rather than accepting or refusing them automatically.
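The kind of matching described above can be sketched as follows. This is an added example, not code from the article or from SAS: it compares only the free-text parts of CVs, reports statements that recur across CVs and pairs that are nearly identical, and produces a review list rather than a decision. The CV texts, function names and thresholds are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample data: discursive (free-text) sections of three CVs.
CVS = {
    "cv_a": "I led a team of twelve engineers delivering a payments platform. "
            "I reduced processing costs by 30 percent in one year. "
            "I enjoy hiking and chess.",
    "cv_b": "I led a team of twelve engineers delivering a payments platform. "
            "I reduced processing costs by 30 percent in one year. "
            "I enjoy sailing and chess.",
    "cv_c": "I managed supplier contracts for a regional retailer. "
            "I reduced processing costs by 30 percent in one year. "
            "I volunteer as a school governor.",
}

def statements(text):
    """Split free text into normalised sentences (lower-case, no punctuation)."""
    parts = re.split(r"[.!?]+", text)
    cleaned = (re.sub(r"[^a-z0-9 ]", "", p.lower()).strip() for p in parts)
    return {" ".join(c.split()) for c in cleaned if c}

def shared_statements(cvs, min_words=5):
    """Map each statement found in more than one CV to the CVs containing it."""
    seen = {}
    for cv_id, text in cvs.items():
        for s in statements(text):
            if len(s.split()) >= min_words:  # ignore short, generic phrases
                seen.setdefault(s, set()).add(cv_id)
    return {s: ids for s, ids in seen.items() if len(ids) > 1}

def near_duplicates(cvs, threshold=0.5):
    """Return CV pairs whose statement sets overlap (Jaccard) at or above threshold."""
    sets = {cv_id: statements(t) for cv_id, t in cvs.items()}
    flagged = []
    for a, b in combinations(sorted(sets), 2):
        union = sets[a] | sets[b]
        score = len(sets[a] & sets[b]) / len(union) if union else 0.0
        if score >= threshold:
            flagged.append((a, b, round(score, 2)))
    return flagged

if __name__ == "__main__":
    # Output is a queue for human scrutiny, never an automatic accept/reject.
    for s, ids in shared_statements(CVS).items():
        print("REVIEW statement in", sorted(ids), "->", s)
    for a, b, score in near_duplicates(CVS):
        print("REVIEW near-identical CVs", a, b, score)
```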
Dorrington said some people think they can spot a fraudster as soon as they walk in the room but he believes judging people by the strength of their handshake, or whether they make eye contact, is about as reliable as judging them on the colour of their hair.
And don't expect any help from HR. Dorrington said: "HR departments aren't trained to detect fraud and probably aren't even trained to know how a fraud might be committed within the organisation."
Non-obvious relationship analysis is another area of growing interest, with its roots in the US government.
Such systems will cross-reference all data on individuals within a defined group of employees, partners and suppliers, for example, and will spot the relationships which aren't immediately evident. Employees who have past addresses in common, similar educations, former employers in common and other similarities are no cause for concern but if they appear not to know one another or start to conduct similar flag-raising activities further investigation may be called for.
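A minimal sketch of the cross-referencing described above, as an added example that is not code from the article or from any vendor product. It inverts records for a defined group into an attribute index, then lists pairs who share a past address or former employer but have no declared relationship, so that a person can decide whether to look further. All names, records and the `DECLARED` set are constructed.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample records: people inside a defined group and attributes
# gathered about them. All names and values are invented for illustration.
PEOPLE = {
    "emp_alice": {"role": "employee", "addresses": {"12 Mill Lane"},
                  "employers": {"Northgate Ltd"}},
    "emp_bob":   {"role": "employee", "addresses": {"4 Quay St"},
                  "employers": {"Northgate Ltd", "Harbour plc"}},
    "sup_carol": {"role": "supplier", "addresses": {"12 Mill Lane", "9 Elm Rd"},
                  "employers": {"Harbour plc"}},
    "sup_dave":  {"role": "supplier", "addresses": {"77 High St"},
                  "employers": {"Oakfield Ltd"}},
}
# Relationships the organisation already knows about (declared).
DECLARED = {frozenset({"emp_alice", "emp_bob"})}

def build_index(people, fields=("addresses", "employers")):
    """Invert records: (field, value) -> set of person ids sharing that value."""
    index = defaultdict(set)
    for pid, rec in people.items():
        for field in fields:
            for value in rec.get(field, ()):
                index[(field, value.strip().lower())].add(pid)
    return index

def non_obvious_links(people, declared, min_shared=1):
    """Return undeclared pairs with shared attributes, for human review."""
    links = defaultdict(set)
    for key, pids in build_index(people).items():
        for a, b in combinations(sorted(pids), 2):
            links[frozenset({a, b})].add(key)
    results = []
    for pair, shared in links.items():
        # A known relationship sharing an attribute is not "non-obvious".
        if pair in declared or len(shared) < min_shared:
            continue
        a, b = sorted(pair)
        results.append((a, b, sorted(shared)))
    return sorted(results)

if __name__ == "__main__":
    for a, b, shared in non_obvious_links(PEOPLE, DECLARED):
        print("REVIEW", a, "<->", b, "share", shared)
```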
But there are also warnings about an over-reliance upon technology, accepting systems may not be able to tell the difference between a conscientious worker and a potential fraudster.
Dorrington said: "A computer can show you correlation but any investigation should be carried out by a human being. A typical fraudster will be somebody who gets their head down, works hard, doesn't take days off, works their hours and tries not to stand out. But that also matches the profile of a very conscientious worker."
But even if companies could effectively weed out all problem individuals early, which is highly unlikely, they still cannot assume they are protected in the long term.
"People's circumstances can change," said Dorrington, citing debts as one reason an individual may turn to stealing data from their employer.
They may be approached by a rival company soliciting information for cash or they may look for a job elsewhere and take prospects or leads with them as an incentive to being hired.
As such, Dorrington said, companies must constantly monitor which information is being accessed and what it is being used for, and put blocks on anything where the risks outweigh the benefits.
Companies should ask themselves whether somebody who needs to access a file should be able to print it, save it locally or move it. Likewise they should ask themselves whether employees should be able to plug in removable media or, in extreme cases, even be allowed to bring removable media, devices and mobile phones into the office.
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved.