"You need to educate people, and you need to have the right control procedures in place to ensure that people are aware of insider fraud," says Larry Ponemon, offering tips to reduce insider risks.
In an interview about the insider threat, Ponemon discusses:
Key findings from this new research;
What needs to be...
A laptop stolen from an employee of Accretive Health last year was not encrypted "due to the oversight of an individual IT employee," the company says in a 29-page comment letter sent to Sen. Al Franken, D-Minn. That employee subsequently was fired, the company reports.
Dollars lost of fraud are one measure of an incident's impact. But the "soft" costs - loss of reputation and productivity - are the ones that most get the attention of Terry Austin of Guardian Analytics.
Too many banks and credit unions are being narrow-minded in their approaches to FFIEC Authentication Guidance conformance, by focusing on commercial accounts and neglecting retail accounts, one ACH fraud attorney says.