Detecting and preventing insider errors is an ongoing battle for IT, HR, compliance and risk managers. Although crime and fraud are among the most serious threats facing businesses, accidental errors and mistakes, such as the ‘fat finger’ trading error, falling for the Fake President Fraud, or downloading ransomware, pose a genuine threat that all companies must be alert to.
One recent example from 2014 illustrates the potential financial risks, when a junior employee at an investment bank in Japan erroneously placed orders for stock purchases which, had they been fulfilled, would have exceeded £380 billion. By following these simple steps, you can help protect your business from damaging employee errors:
Define Policies
- Clear, unambiguous policies guide employees and effectively govern the rules of behavior within the office environment. It’s important to set strict rules, for example around IT security or e-mail, which are designed to protect employees from accidentally introducing malware into company IT systems, or communicating privileged financial information or accidentally committing insider trading.
- Top down endorsement from senior executives – who also need to visibly demonstrate their understanding of all policies ensures buy-in at all levels.
Refine Procedures
- Ensure robust and tested procedures across all areas of employee activity to reduce mistakes. For example all traders must be trained in the tools they use, they must have the appropriate authorisations and specifically error control.
- Create documented and tested incident plans – to cover a range of variables, such as IT system failure, trading errors or data breaches.
- Robust internal policies ensure that when an incident occurs, for example the loss of a laptop computer or a suspected data breach, employees know how to act to minimise disruption and report, manage and contain the incident.
Apply Technology
- Technology can support Policies & Procedures
- Introduce two factor authentication as standard
- Implement full disk encryption on all laptops, desktops and mobile devices
- Maintain and monitor security logs which can highlight activity which is outside standard business as usual
==========
My name is Delphine Leroy. As the Financial Lines Underwriting Director for Continental Europe, I head up CNA Hardy’s Management Liability, Financial Institutions and Professional Indemnity Continental underwriting team. Follow CNA Hardy’s blog series on LinkedIn.
Detecting and preventing insider errors is an ongoing battle for IT, HR, compliance and risk managers. Although crime and fraud are among the most serious threats facing businesses, accidental errors and mistakes, such as the ‘fat finger’ trading error, falling for the Fake President Fraud, or downloading ransomware, pose a genuine threat that all companies must be alert to.
One recent example from 2014 illustrates the potential financial risks, when a junior employee at an investment bank in Japan erroneously placed orders for stock purchases which, had they been fulfilled, would have exceeded £380 billion. By following these simple steps, you can help protect your business from damaging employee errors:
Define Policies
- Clear, unambiguous policies guide employees and effectively govern the rules of behavior within the office environment. It’s important to set strict rules, for example around IT security or e-mail, which are designed to protect employees from accidentally introducing malware into company IT systems, or communicating privileged financial information or accidentally committing insider trading.
- Top down endorsement from senior executives – who also need to visibly demonstrate their understanding of all policies ensures buy-in at all levels.
Refine Procedures
- Ensure robust and tested procedures across all areas of employee activity to reduce mistakes. For example all traders must be trained in the tools they use, they must have the appropriate authorisations and specifically error control.
- Create documented and tested incident plans – to cover a range of variables, such as IT system failure, trading errors or data breaches.
- Robust internal policies ensure that when an incident occurs, for example the loss of a laptop computer or a suspected data breach, employees know how to act to minimise disruption and report, manage and contain the incident.
Apply Technology
- Technology can support Policies & Procedures
- Introduce two factor authentication as standard
- Implement full disk encryption on all laptops, desktops and mobile devices
- Maintain and monitor security logs which can highlight activity which is outside standard business as usual
==========
My name is Delphine Leroy. As the Financial Lines Underwriting Director for Continental Europe, I head up CNA Hardy’s Management Liability, Financial Institutions and Professional Indemnity Continental underwriting team. Follow CNA Hardy’s blog series on LinkedIn.
-->