Businesses can be at risk for cybercrime that occurs purposefully, such as when a current or former employee accesses the network to steal or share information or embezzle funds. Businesses sometimes have systems that are insecure or processes that make it easy to steal or duplicate information. Consider the following:
In one temporary staffing services firm, the system that created and paid invoices was able to be accessed by nearly anyone in the company. A single person could create an invoice, and also pay it, rather than these functions being performed separately. This left the company at high risk for fraud.
It happened. A human resources administrator who oversaw the short-term and temporary employee payroll at the firm created fictitious temp employees and gave them her Social Security number and address. Over the course of several years, she paid these fictional “employees” $66,000.
In another case, a bank didn’t perform systematic authentication for some types of transactions for high net-worth customers, instead counting on employees to recognize customers by voice on the phone. They did this in an effort to provide personal customer service.
The problem is, it backfired. Someone called in on a Friday before a long weekend requesting an urgent wire transfer. They sounded upset and their voice sounded unfamiliar, but the employee put it through because the bank was so focused on always providing the utmost in customer service. The money was wired into an account immediately. Unfortunately, the “customer” on the other end of the phone wasn’t who they said they were, and the bank and its real customer became victims of fraud.