Shalini Kesar, a computer scientist at Southern Utah University in Cedar City, has devised an antifraud strategy for business. Writing in the International Journal of Business Information Systems from Inderscience Publishers, he suggests that managers should be made aware of security issues and send out cues to junior staff that they have this knowledge.
Combating digital fraud within any organizations is a growing problem for management. Researchers in this field and security practitioners have recently begun to emphasize the need to take into account the "social" aspects of information security. They also emphasize that a lack of communication at the wider organizational level is often associated with computer fraud.
"Computer fraud can result from incompetence, ignorance, negligence in the use of Information Technology or deliberate misappropriation by individuals," says Kesar. This results in the destruction of not only the main information systems but also backup systems, causing damages up to hundreds and thousands of dollars.
Kesar points out that reported cases of computer fraud only represent a tip of a potentially large iceberg. Anecdotal evidence suggests that employees pose one of the greatest threats because they are in a better position than "outsiders" to engage in computer fraud, Kesar adds.
Opportunistic computer fraud could be minimized, however, he says simply by raising managers' awareness and knowledge of how organizational structure can affect the effectiveness of security measures. Kesar uses the case of a well-known serious fraud that took place at an international bank together with the business theory of management theorist Henry Mintzberg to demonstrate how security breaches might be avoided by educating management.
"Lack of awareness of social and technical issues among managers largely manifest themselves in a failure to implement even the most basic safeguards and controls," the researchers conclude, "Concomitantly, if management ignores wider organizational structural issues then this too increases the likelihood of a potential offender committing computer fraud."
These two main insights point to Kesar's seemingly obvious solution, which simply involves teaching management and then subtly communicating management's new-found knowledge to employees.