Company employees pose the greatest risk to an organization for many reasons. First, certain employees at every level of a company, from top to bottom, have access to information which may be extremely useful to them and sometimes to outside perpetrators. In fact, some employees may collude with other employees or outsiders to commit a criminal act, which not only facilitates the crime but also benefits everyone involved.
There are in general two types of employees who commit most of the criminal acts:
You may be wondering why a company owner might commit a criminal act against his own property. However, as we discuss the 3 fraud elements, you will notice that a company owner may have the justification, incentive and opportunity to commit fraud. For example, a property owner may burn down his own property to collect cash from the insurance company and get out of debt or other business obligations, because he thinks that the insurance companies and he himself deserve the consequences, and he can easily do it without being detected because he has access to enter when no one is around.
An employee may also believe that defrauding his company is worth the risk because the company deserves it, or because he deserves it for putting in so many years, etc. As you can see, the justifications for committing fraud alone or with the help of others who share similar motives or incentives are not limited. The main risk lies in the opportunity that an employee may have due to his access to information and company assets. This is why access must be authorized and the access level must be appropriate for the employee's position. Then, access which might adversely affect the company and its customers must be monitored to detect suspicious activities. For example, monitoring network activity might have detected unusual network traffic and prevented the huge movie downloads that Sony experienced.
As you can see, the criminal aspect of employee activity is not always related to one specific target. A company can be damaged in various ways, and it is not always through financial fraud or information theft. The damage can also be tied to destruction of property for personal gain, self-satisfaction or revenge, or ideological reasons. A proper risk assessment should identify the various threats, consequences, and risk mitigation strategies depending on the nature of the company and associated risks.
Other employees violate company policies by changing or overriding them on purpose because they believe they have the right and authority to do so, for whatever reason, which goes back to their justification and opportunity factors.
Accidental errors and violations may occur, but they can be corrected with training.
The Fraud Elements
There are usually three (3) factors which criminals must consider before committing the crime:
The most successful criminal employees are the ones who act in small steps, slowly, over a period of time to reach their goals. Typically, an unauthorized activity committed in smaller portions and steps over a long period of time has less potential for detection, as most systems are designed to detect obviously suspicious activities. The majority of crimes are committed with a low-tech approach using previously granted, approved access.
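The monitoring gap described above, as an added example that is not part of the original article: a rule that only looks at single events misses small, steady activity, while a rolling cumulative total per user catches it. The log records, user names, window length and thresholds are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import date, timedelta

# Constructed sample log: (user, day, records_exported). Not real data.
START = date(2024, 1, 1)
EVENTS = (
    [("alice", START + timedelta(days=d), 40) for d in range(30)]        # small, steady
    + [("bob", START + timedelta(days=3), 900)]                          # one obvious spike
    + [("carol", START + timedelta(days=d), 5) for d in range(0, 30, 3)]  # ordinary use
)


def per_event_alerts(events, per_event_limit):
    """Users with any single event above the limit (the 'obvious' rule)."""
    return {user for user, _, count in events if count > per_event_limit}


def cumulative_alerts(events, window_days, window_limit):
    """Users whose total inside any rolling window exceeds window_limit."""
    flagged = set()
    windows = defaultdict(deque)  # user -> (day, count) pairs still in the window
    totals = defaultdict(int)     # user -> running sum of that window
    for user, day, count in sorted(events, key=lambda e: e[1]):
        window = windows[user]
        window.append((day, count))
        totals[user] += count
        # Expire events that have aged out of the window.
        while (day - window[0][0]).days >= window_days:
            totals[user] -= window.popleft()[1]
        if totals[user] > window_limit:
            flagged.add(user)
    return flagged


if __name__ == "__main__":
    # Assumed thresholds: 500 records per event, 500 records per 14 days.
    print("per-event rule :", sorted(per_event_alerts(EVENTS, 500)))
    print("14-day rolling :", sorted(cumulative_alerts(EVENTS, 14, 500)))
```

In practice the window limit would be set per role from the access level that position is authorized for, rather than one fixed number for every user.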
Consider one or more of the following to manage the insider risks: