Connect with us

IT Security

Important Tips For Reducing Employee Theft

Thieving employees can destroy a business that took years of blood-sweat-tears to build. Not only do the owners suffer but all the honest-hard working staff who could lose their jobs.

Thieving employees can destroy a business that took years of blood-sweat-tears to build. Not only do the owners suffer but all the honest-hard working staff who could lose their jobs.

There are 100′s of articles on businesses nearly losing all due to employee theft – below are just a small collection.

Staff theft almost closed supermarket

Shoplifters cost $1b as staff theft soars

Sacked school staff member admits theft

‘Trusted employee’ sentenced for theft

What becomes apparent while reading the articles is the amount of trust owners and managers grant employees – sometimes ignoring the obvious signs of theft because they cannot believe the “trusted” employee could “do that to them”.

Showing that you trust an employee can provide a loyal and long lasting relationship but can also breed opportunity.

In order to reduce theft within the work place I have provided some security processes you should implement.

Separation of Duties

All critical tasks such as banking, payroll and billing should be managed by more than one employee. For example all payments to suppliers/contractors/customers must have two signatories for sign-off. A summary of the accounts should be automatically emailed to a senior manager including audit events (audit events should record all additions, modifications and deletions done by the system and users. The audit logs cannot be altered by anyone including administrators. So if an employee covers up their theft by changing or deleting records within the accounts system the audit logs will show all events).

Separation of duties provides a business with the ability to remove the chance of having one person within the business in complete control of a critical process(s). There should be no employee that has the “is the only one that knows how to do this” role.

Job Rotation

Job rotation is the process of rotating employees among numerous jobs within the business. It maybe hard within a small business where there are limited staff and/or jobs but even having the marketing person hangout with the payroll person for a day can offer some benefits.

Job rotation provides two core benefits:

1) Provides a type of knowledge redundancy whereby if the payroll’s person gets run over by a bus another person who worked within that role for a period can take over while a suitable replacement is located.

2) Moving an employee around reduces the risk of fraud, theft, sabotage etc.. The longer an employee works within the same role, the more likely they will identify holes in the process to hide illegal activity.

Mandatory Holidays

Have you ever had an employee that refuses to go on holiday or allow anyone to take over their role for even a small period? That should raise alarm bells. Many cases of theft within a business identify that the staff member was in complete control of their tasks and hardly took any holidays sometimes for years on end.

By forcing all employees to take a holiday every year a business can not only audit all work done by the employee but allow another employee to learn the tasks as well – fulfilling the “Job Rotation” requirement.

Document the Tasks for a Process

By documenting in detail the steps for every process within a role the following benefits are provided:

1) A training manual for any new employees taking on the role.
2) A great resource for auditors reviewing the employee.

Principle of least privilege

The Principle of least privilege is applied within security to make sure that a person is not assigned rights and privileges they do not need to fulfil their role. For example having the employees use an admin level account on their desktop computer is a big no-no because it allows them to add, delete and modified software installed on their machines – which increases the damage malware can do on the computer and network.

An employee should only be allocated the rights and privileges they need to fufill their role – no more.

On top of that long term employees may also accumulate all kinds of rights and privileges as they change roles throughout their employment. This is called “privilege drifting” meaning the employees rights and privileges drift to each new role. This is why every employee must be audited (while they are on holiday!) so all access, rights and privileges not removed from previous roles and not needed anymore are removed.

If you reflect on an employee who uses an account on a networked business computer with full admin rights and also has accumulated over the years all kinds of rights and privileges from every role they did and none where removed – then goes “rogue” you can see where theft can be quite easy.

So in summary employee theft can be dramatically decreased by just implementing a few basic security practices.

BusinessArticles is the popular online Hub for quality business articles. We publish unique articles and share them with our social followers.

Continue Reading
Click to comment

Comments?

IT Security

How Compliant is your Small Business?

person on computer

Operating a small business doesn’t mean you can be complacent with how you’re protecting customer data and the prevention of the real threat of credit card theft.

Hacking gangs are alive and well hence the tightening of data protection rules  in the western world including the European Union’s GDPR.

Data Protection

So there’s two major compliances to work on immediately if you’ve not done so already.  Doing the basics  to ensure your business is in compliance with data protection laws including the GDPR even if you’re not in Europe is a must-do and here’s how you can get started if you’ve not done it already.

Every website collecting email addresses and more, need to comply with the requirements for protecting customer data.  There’s more that’s needed too see (Website policies) further on in this article.

PCI Compliance

There is also a pressing concern for all businesses, eCommerce and particularly those in the retail sector to commit to  PCI compliance.  You might be wondering what it is and is your operation too small to be bothered with it right now.

A really good explanation of what PCI DSS is and why any business transactions using credit cards needs to comply can be found in this article on BusinessBlogs.

Self Assessment

Smaller businesses can do a self assessment and why you might sigh with relief, don’t get too comfortable, you’ll still need to know exactly how to do a PCI self assessment and how to get set up so when your business grows it’s got everything in place for external assessments.

PCI and Networks

The real difficulty lies in understanding how sensitive data moves along your network which is a must for assessment.  The wireless LANs and other connectivity points like USBs and bluetooth can be penetrated hence they need to be monitored and secure.  This is where a PCI compliant specialist comes into their own not only for your self assessment but also when using external PCI auditors for your compliance.

Website Policies

Earlier on we mentioned protection of customer data and laws like GDPR.

Any business with a website that collects customer data can not avoid the basics website features that allow for transparency of how customer data is collected, utilised and shared with privacy and cookies policies.

This really is the norm now and it’s the entry level for all websites so all website developers will implement it, so it’s just the older sites and the Do-it-yourself crowd who need to be aware of the requirements.

Website visitor expectation is they’ll see the pop up that asks for acceptance of re. your website cookies policy and they’ll take the necessary action.  Without it, your business is not perceived as being secure and visitors may take no further action i.e. they’ll exit your site.

All websites should also be using the SSL (HTTPS), and be mobile ready.  Plus have all the bells and whistles in place to manage customer data collection and management for protection of customer data.

Summary

Ignorance is not bliss and it will be hurting your business if your website is not on top of it’s compliance requirements.   Get curious, find out what you need to know and when you need to take action to keep the hackers out and the visitors in.

Continue Reading

IT Security

Why Shopping Cart Abandonment?

online shopping

Shopping cart abandonment is not decreasing. Buyers add stuff to their shopping cart, however exit without finishing the purchase. The term ‘buyer’s remorse‘ needs to coined another way to describe why online shoppers abandon their shopping carts.

Relinquishment is an electronic business term used to portray a condition wherein a visitor on a page leaves that page before completing the pined for movement. Occurrences of betraying, are the place shopping cart abandonment happens the most! The reasons change from site to site and they’re explained well in the infographic created by Fullestop. We’ve added it to this post for you.

Web business destinations attempt to decrease their cart abandonment rate; however it’s a losing battle with a high level of customers still slipping past. Honestly, shopping case surrender rates if all else fails are actually rising. Business Insider reports that $4.6 trillion worth of stock was left in spurned trucks in 2016, up from $4.2 trillion out of 2013.

Reasons behind Shopping Cart Abandonment

For the retail part, these were the most widely recognized explanations behind the surrender:
• 34% were ‘quite recently looking’ i.e. not prepared to purchase.
• 23% had an issue with transportation.
• 18% needed to look at costs.
• 15% chose to purchase in-store.
• 6% relinquished because of an absence of instalment alternatives.
• 4% encountered a specialized issue.

Distinctive edifications have been offered trying to state why buyers leave shopping bushels. Most, by far, of the reasons, take after the ones in this present reality shopping process. The basic enlightenments behind shopping wicker container betraying have been seen as:

Perplexity with astound costs: in the far-fetched event that it’s not clear how to influence a purchase and you to leave your prospects with no other individual, expecting that “they’ll appreciate it”, you’re in for an epic dissatisfaction. Correspondingly, if they are out of the blue given some extra costs that they didn’t expect, you were showing the portal yourself.

Alert or secure site: An alert about the website can without much effort change over into fear. The starting point for a business is website security and assuring customers the website is safe and secure and this includes their shopping cart and when it comes to credit card data, what information is requested from purchasers.

Most electronic business purchasers are careful about revealing their own particular information, especially with respect to MasterCard inspirations driving interest. Purchasers are already nervous and it’s not long before they end up plainly suspicious especially if an overabundance of information is requested from them.

shopping cart abandonment infographic

Continue Reading

IT Security

How To Protect Your Business From Cyber Attacks

dealing with toxic co-workers

There is no getting away from the fact that cybercriminals and hackers are everywhere these days. Business owners need to remain vigilant and take precautions if they don’t want to become the victims of crime. The information in this article will educate all readers about the basics of protecting their operations and ensuring information theft doesn’t occur. The last thing any entrepreneur wants is for a hacker to steal their customer payment details because that often results in bad press and a lot of headaches. With that in mind, use the advice below to ensure you leave no stone unturned when it comes to securing your company.

So how do hackers break into my website or computer network?

There are many ways in which hackers might attempt to breach your security tools and gain access to your website or office computer network. However, some methods are more common than others. In recent times, business owners report the following strategies when hacking attacks occur:

  • The hacker will upload specialist tools to your website that allow them to create multiple backdoors. That means that if you identify the first vulnerability and fix it, the criminal can still gain access using a variety of different methods.
  • The criminal will use malicious Javascript code to your website template and use it to infect the computers of anyone who visits your domain. However, they won’t do that every single time someone clicks your link because that might expose their efforts. Instead, the hacker will randomly attack computers so their strategy is harder to detect than it otherwise would have been.
  • Some online hackers will attempt to download all user accounts and then use specialist tools to break through password encryption. Alternatively, those criminals can just steal the contact information like email addresses before selling the data to spamming organisations.

Well, how do I stop that from happening?

Protecting your computer network:

You have lots of options on the table when it comes to protecting a computer network against hacking attacks. In most instances, it makes sense to build a relationship with an IT Support company that can offer assistance if the worst occurs. However, there are lots of preventative measures you can take in advance. Considering that, be sure to read the following information carefully and put the tips into action as soon as possible!

  • Invest in digital and physical firewalls – You can get those items online for little money these days. Just be sure to conduct a lot of research and read reviews from other business owners before committing.
  • Keep all software updated – Software developers release updated versions of their products all the time to help combat security vulnerabilities. If you don’t have the latest version of the program, you might expose your company to hackers.
  • Provide employee security training – It’s vital to offer all employees training on the best practices for maintaining maximum security. For instance, business owners should ensure their workers never connect personal smartphones to the business network. Likewise, the team members should never access their social media accounts in the workplace. However they should follow an IT Security expert and learn from their views and news. That could create security concerns.
  • Use strong and random passwords that contain numbers and letters – There are lots of random password tools that anyone can use if they want to ensure hackers can’t guess their way into the network. It’s worth investing in one of those programs as soon as possible.
  • Don’t connect unknown devices to your computers – As mentioned a moment ago, connecting smartphones and other media to your computer network could create problems. If hackers already have access to that device, they will have no issue when it comes to penetrating your system.
  • Encrypt all sensitive data or store it in the cloud – Cloud storage providers use some of the most advanced encryption tools and strategies possible. So, business owners shouldn’t have to worry too much if they keep their sensitive data secure using one of those services. However, it’s also vital that you encrypt information on your office network too!
  • Never use unsecured WiFi networks – If you connect your computers to unsecured public networks, hackers can break into your system in a matter of sections. Indeed, there are low-cost computer programs that even teenagers could use to steal your information if you make that simple error.

Protecting your website:

Business owners also need to follow the correct strategies when it comes to ensuring their websites don’t become vulnerable to hacking attacks. The list of tips below will assist you in making sure your site has the most robust protections possible. Failure to implement the advice from this section will mean you stand a much higher chance of becoming a victim than those who pay attention.

  • Keep all software, and website plugins up-to-date – Hackers will look to exploit the vulnerabilities that developers work hard to solve with their software and plug-in updates.
  • Use complex passwords – Again, you can find programs that create random passwords without breaking the bank.
  • Don’t allow users to upload files – Unless there is no alternative, allowing users to upload files is a recipe for disaster.
  • Only use HTTPS to deliver private information (payment details, etc.)
  • Use the best website security tools – There are new programs and plug-ins hitting the market every single day. So, business owners just need to keep abreast of the latest advancements and invest at the right time.
  • Always use a secure online payment gateway – Consumers expect to see that little padlock in the left-hand cover of the address bar when they enter payment information. Ensuring the page is secure should help to protect against hacking attacks. However, it should also mean you miss out on fewer sales.

Now you know all the basics of protecting your business from cyber attacks; you just need to put that advice into action. There is no time to delay because criminals work around the clock to steal information and profit from their crimes. So, sit down with your most dedicated team members as soon as possible before discussing the matter and designing your strategy. As stated only a moment ago, sometimes company bosses will benefit from the expertise of professionals. With that in might, weigh all the pros and cons and then work out if you have enough money in your budget to pay for assistance. If you don’t, just follow the advice from tips post!

Continue Reading

Trending