SlideShare une entreprise Scribd logo

Combating Fraud: Six Principles for Security

Strategic Treasurer
Strategic Treasurer

The rise of fraudulent activity is at the top of the list of concerns for treasury today. Even though many organizations are investing in treasury technology, there is still room for improvement. These principles span multiple departments and will guide practitioners to a more well-rounded set of controls. This slide presentation will provide six straightforward and actionable security principles that can support an organization’s security framework.

Business
1  sur  24
Télécharger pour lire hors ligne
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com Combating Fraud © 2018 Strategic Treasurer LLC. Craig Jeffery, Managing Partner, Strategic Treasurer Debbi Denison, Senior Consultant, Strategic Treasurer 6 Key Security Principles – Part 2
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 2 About the Presenters Debbi Denison is a senior consultant at Strategic Treasurer responsible for leading client projects and relationships across working capital, cash management, liquidity management, treasury technology, and risk domains. Mrs. Denison has held senior treasury positions with global, multi-national and Fortune 500 corporations in the fields of utility, airline, consumer products and pharmaceuticals. Her leadership experience comprises leveraging technology to proactively identify and implement leading practices with respect to global liquidity, pooling structures, credit card programs and accounts receivable factoring. Craig Jeffery, CCM, FLMI Founder & Managing Partner Strategic Treasurer Debbi Denison Senior Consultant Strategic Treasurer Craig Jeffery formed Strategic Treasurer LLC in 2004 to provide corporate, educational, and government entities direct access to comprehensive and current assistance with their treasury and financial process needs. His 20+ years of financial and treasury experience as a practitioner and as a consultant have uniquely qualified him to help organizations craft realistic goals and achieve significant benefits quickly.
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com 3 Topics of Discussion © 2018 Strategic Treasurer LLC.  State of Fraud in 2018 o Corporate Fraud Experience o Security Concerns & Investment Plans  Securing Treasury o The Fraud Battlefield o The Criminal’s Playbook o Human & Technology Components o S.E.C.U.R.E. C.L.A.M.P.S  6 Key Security Principles o Controls – Dual Control o Layers – Multiple Security Layers o Awareness / Understanding / Testing o Monitoring o Privilege o Secure Removal / Deletion of Data  Final Thoughts
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 4 State of Treasury Fraud in 2018 Corporates: In the past year, I think that the threat-level of cyber fraud and payment fraud has: 30% 54% 14% 1% 1% 0% 10% 20% 30% 40% 50% 60% Significantly increased Increased Stayed the same Decreased or significantly decreased Unsure 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey Escalated Threat • Comparing 2018 to 2017, the vast majority (84%) of corporate practitioners believe the threat of cyber and payments fraud has increased. • Only 1% believe that the threat has decreased. • These figures highlight the extreme levels of concern towards fraud within the corporate treasury environment.
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 5 State of Treasury Fraud in 2018 Have you experienced fraud in the last 12 months? Data excludes “unsure” responses Fraud Experiences Rise • Looking at corporate fraud experiences, it appears that practitioners are correct in their perception that fraudulent threats have increased. • These figures represent a 17% overall increase (40%+ year-over- year) in corporate fraud experience since 2016. • Today, more organizations experience fraudulent attacks than those that don’t. 40% 52% 57% 0% 10% 20% 30% 40% 50% 60% 2016 2017 2018 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 6 State of Treasury Fraud in 2018 Corporates: Have you experienced any of the following in the past two years? Data excludes “unsure” responses 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey 26% 36% 56% 68% 67% 69% 76% 63% 53% 36% 28% 26% 23% 17% 11% 11% 7% 4% 5% 7% 7% 1% 1% 1% 0% 3% 1% 0% 0% 10% 20% 30% 40% 50% 60% 70% 80% Payment fraud - Business Email Compromise (BEC) / CEO Email Fraud / Imposter Fraud / Social Engineering Fraud Check/cheque forgery Check/cheque conversion fraud ACH fraud Card Fraud (Pcard) Card Fraud (T&E) Wire fraud - system oriented, payment (system access or credential theft) No Some attempts, no success. Yes, we suffered a loss. Yes, we suffered a loss. At least one person was terminated or let go.
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 7 The Fraud Battlefield CORPORATE PERIMETER 3rd PARTY INTERIOR ACCESS CONTROL EXTERNAL DATA Employees Sensitive Data Incident Response Employee Management Treasury Security Framework Access Control Banking Design Lockdown Playbook Assessment & Benchmarking Duties & Policies Communications Liability Management CloudSecurityCyberSecurity SegregationofDutiesTransaction&DailyLimits Network Desktop SAN TRANSPORT ACCESS SaaS TMS Banks PartnersTemp/Contractors The Fraud Battlefield: Access Control
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 8 The Criminal’s Playbook Steal Funds Directly Get You To Send Funds Take Data and Sell it Lock up data for Ransom Fraud TypeFraud Intent High Payout Low Payout ControlofFraud HighControlLowControl The Criminal’s Playbook: Fraud Types & Associated Intentions Check ForgerySystem Fraud ACH Fraud - Personal Payment Systems AP Vendor Master Record Changes Business Email Compromise Ransomware as a Service Ransomware via Worm Data Breach Surveying the Field: There are a wide variety of fraudulent methods for criminals to select from. If an organization is protected at one juncture, a criminal may move on to target them through another avenue or area of exposure. Due to the ever-evolving playbook of today’s criminal, organizations must be constantly monitoring their operations to locate exposures and identify suspicious activity.
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 9 Items to Consider Technology Security Components Human Security Components Antivirus Software Firewall Multifactor Authentication User Monitoring Tools Biometrics Encryption Tokenization SAML 2.0 Security Training (Regularly) Employee Testing (Phishing emails) Whistleblower Policy Clean Desk Policy Dual Controls Segregation of Duties Principle of Least Privilege
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 10 12 Security Principles Strategic Treasurer’s 12 Security Principles (S.E.C.U.R.E. C.L.A.M.P.S.) 1. Speed Matters 2. Encryption and Control of Keys 3. Challenge / Verify 4. Update Continuously 5. Readiness / Response 6. Exact and Specific Accountability Management 7. Control / Dual Controls 8. Layers 9. Awareness / Understanding / Testing 10.Monitoring 11.Privilege 12.Secure Removal / Deletion of Data A Strategic Approach to Fraud Prevention & Security • In the modern environment, the best way to fight fraud is to develop a comprehensive controls framework that considers each element of security. • Strategic Treasurer’s 12 security principles expand on the vital elements of security that must be considered for any organization to effectively protect against fraudulent activity. • The first six principles were covered at length in a previous webinar; this presentation will focus on principles 7-12.
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 11 Principle 7: Dual Controls 90% 10% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Yes No Corporates: Does your organization require dual controls for all transactions? Dual Controls • Dual controls refers to the practice of requiring more than one employee to approve/generate a payment. • Makes it harder for criminals to steal funds by requiring multiple employee credentials/approvals. • Currently, a significant majority of corporates are actively using this security practice (see graph on right) Poor Moderate Strong Industry Use: Current State 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 12 Principle 8: Layers Layers • The term “layers” in the context of security refers to the practice of implementing multiple tiers of controls across a given process or area of operation, such as payments. • The intent is that if one layer is compromised, the additional layers will still prevent an attack from succeeding. Sample Layers: Multifactor Authentication In order for a criminal to steal funds, they must possess: The individual credentials of an employee with authority over payment generation. A physical key-fob or token that is unique to each specific employee. If dual controls are involved, the criminal would have to possess this information for TWO employees in order to control the entire process. Poor Moderate Strong Industry Use: Current State • While multifactor authentication is still a relatively new practice, it has seen promising adoption throughout the corporate treasury environment. Fraudulent Transfer Employee Credentials Physical Key Fob Multiple Sets of Information
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 13 Principle 8: Layers 68% 78% 59% 75% 88% 69% 6% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% ACH positive pay* Check (cheque) positive pay* Check (cheque): payee match positive payment* ACH debit block* Segregation of duties in accounts payable Physical check (cheque) controls Other: Corporates: What controls does your organization have to prevent payment fraud? (Select all that apply) Security Layers • Besides multifactor authentication, a “layered” approach to security could consist of other elements. • Combining segregation of duties with positive pay services and other security tools provides a fresh layer of security at each “juncture” in the payments process. • This practice results in multiple points where fraud can be identified and thwarted. 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 14 Principle 9: Awareness / Understanding / Testing Awareness / Training / Testing • This principle focuses on ensuring that treasury staff are routinely educated and updated with regards to best practices for security, and also new fraud developments. • While many organizations emphasize the “technology” components of security, staff training and testing commonly falls to the wayside. Awareness Testing Training • What types of fraud are corporates experiencing? • What specific exposures should we be concerned about? • What types of attacks should I be wary of? • How can I keep my company credentials and data safe? • What should I do in the event of a fraud attack? • Deliver “Fake” phishing emails to staff and evaluate their response. • Provide written tests/quizzes on security policies/procedures to determine employee susceptibility. Poor Moderate Strong Industry Use: Current State • While practically all banks require regular training and testing of their employees on security and fraud, less than half of corporates do the same.
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 15 Principle 9: Awareness / Understanding / Testing 25% 14% 27% 32% 3% 0% 5% 10% 15% 20% 25% 30% 35% Formally assign roles and have a regular reporting cadence to the group. Informally have select people monitor fraud instances and stay current based upon area or type of fraud. When needed we will address fraud attempts and monitor developments. It is a general responsibility. Not delineated in formal job descriptions. Other: 10% 65% 69% 36% 7% 4% 0% 10% 20% 30% 40% 50% 60% 70% 80% Nothing formally We provide training on avoiding We provide occasional communication on what to do/avoid doing We have test emails sent to see who is following the training Unsure Other Corporates: For assigning responsibility to track fraud and stay current on development, we: Corporates: For managing phishing/clickbait attacks, we do the following: (Select all that apply) 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 16 Principle 10: Monitoring User / Employee Monitoring • Many technology solutions available today have built-in functionality that allows an administrator to monitor employee / user activity that occurs through the system. • This can help detect erroneous behavior and also trace criminal activity back to specific individuals or accounts. Banks Corporates • Bank policies around security and fraud tend to be more stringent than their corporate counterparts. • Banks are also more advanced with their security techniques and fraud prevention strategies. • Currently, over 3/4ths of banks have the ability to monitor user behavior on their system, either in real-time or after the fact. • While corporates have been investing heavily in security controls, they have not kept pace with banks. • Currently, less than 1/3rd of corporates can monitor user behavior in their system. Poor Moderate Strong Industry Use: Current State • While the banking sector has done well to adopt user monitoring software, implementation of such solutions on the corporate side has not followed suit.
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 17 Principle 10: Monitoring 70% 20% 86% 14% 2% 0% 20% 40% 60% 80% 100% Alerts/triggers (detects and alerts to abnormal action or behavior) Alarms (response is required to deactivate) Audit trails Visual replay (replays screen by screen the suspicious behavior/actions taken by user) Other: 21% 11% 23% 45% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% Yes, in real-time Yes, after the fact No Unsure Corporates: We have these capabilities to monitor anomalous or suspicious behavior within our system(s): (Select all that apply) Of those that selected “yes” to previous question Corporates: Do you have technology implemented to proactively monitor anomalous or suspicious behavior within your system(s)? 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 18 Principle 11: Privilege Principle of Least Privilege • The principle of least privilege involves restricting access to any sensitive information to only those employees that MUST have it, and ONLY for as long as they must have it. • If such information is not critical to the day-to-day functioning for a specific employee, they should not be granted access. Bank Account Details System Credentials Poor Moderate Strong Industry Use: Current State • Most organizations today employ some form of this principle, even if such practices are undefined or informal. Sensitive Information to Withhold Financial Reports
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 19 Principle 11: Privilege 56% 46% 46% 48% 25% 11% 4% 0% 10% 20% 30% 40% 50% 60% Signature / approval authority for bank accounts Access to confidential corporate data Access to confidential personal information Removing access immediately if roles or needs changes I don't know what this means I don't know if we do We do not employ this principle Principle of Least Privilege • Approximately half of organizations employ the principle of least privilege in at least one of it’s various forms. • 1/4th of corporate respondents were unsure of what the term referred to; however, this does not necessarily mean they were not employing it. • 11% were unsure of their company’s status on this principle. • Only 4% could say with certainty that their firm does not employ this principle. We intentionally employ the principle of least privilege for: (Select all that apply) 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 20 Principle 12: Secure Removal & Deletion of Data Removing / Deleting Data • While sensitive data must always be kept secure, there comes a time when such information must be cleared. • Improper management of this step could be devastating if files are not completely destroyed or if they are misplaced. • Remember to clearly document when records are deleted to establish audit trails, and assign a witness to view and “sign off” on the deletion/removal process. Vendor Master Records Bank Account Records Financial Statements Account Signatories Check Stock Poor Moderate Strong Industry Use: Current State • Data removal processes across the corporate landscape vary; some have clearly defined practices in this arena, while others perform it on an “ad-hoc” basis Areas to Consider: Sensitive Information
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 21 Principle 12: Secure Removal & Deletion of Data 39% 29% 11% 3% 4% 15% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 1 week 1 month 3 months 6 months Other: There is no set timeframe Removal & Deletion of Data • An area of data removal that is particularly important for treasury lies around account signers. • Account signers are typically treasury staff with privileged access to payment systems and bank account data. • When employee turnover for one of these positions occurs, it is vital that the company quickly update their records to reflect the changes. • The longer it takes to reflect such changes, the more exposed a company is through falsified signatures. Corporates: What is the normal time frame for updating signers on bank accounts when an employee leaves the company? Within… 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 22 Final Thoughts Key Takeaways for Treasury: Fraud Experience Continues to Escalate. Since 2016, corporate fraud experience has risen steadily from 40% to 57% of organizations. Today’s Criminal is Sophisticated and Persistent. It is not just simple check fraud that criminals are using to target firms. Today’s fraudulent schemes have become incredibly complex and technologically advanced. The Security Response Must be Comprehensive. Given the current fraud environment, companies have no choice but to adopt security layers and controls that comprehensively cover all exposures and access points. Take Action Proactively…Do Not Wait. Plugging a gap after a criminal has exposed it is still too late. Be proactive in identifying and correcting weaknesses before a criminal identifies them.
Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. Thank you for participating in this event! Debbi Denison Senior Consultant Email: debbi.denison@strategictreasurer.com Craig Jeffery, CCM, FLMI Founder & Managing Partner Email: craig@strategictreasurer.com Sign-Up for Strategic Treasurer’s Exclusive Webinar List
Combating Fraud: Six Principles for Security

Recommandé

Using Data Analytics to Conduct a Forensic Audit
Using Data Analytics to Conduct a Forensic AuditUsing Data Analytics to Conduct a Forensic Audit
Using Data Analytics to Conduct a Forensic AuditFraudBusters
 
Detecting and Auditing for Fraud in Financial Statements Using Data Analysis
Detecting and Auditing for Fraud in Financial Statements Using Data AnalysisDetecting and Auditing for Fraud in Financial Statements Using Data Analysis
Detecting and Auditing for Fraud in Financial Statements Using Data AnalysisFraudBusters
 
A Lack of IT Controls= Fraud Opportunities
A Lack of IT Controls= Fraud OpportunitiesA Lack of IT Controls= Fraud Opportunities
A Lack of IT Controls= Fraud OpportunitiesWhitleyPenn
 
Fraud Management Solutions
Fraud Management SolutionsFraud Management Solutions
Fraud Management SolutionsSAS Institute India Pvt. Ltd
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Fraud Monitoring Solution
Fraud Monitoring SolutionFraud Monitoring Solution
Fraud Monitoring SolutionBen Omoakin Oguntala, developingafrica(dot)net
 
Enterprise Fraud Management
Enterprise Fraud ManagementEnterprise Fraud Management
Enterprise Fraud ManagementManish Desai
 
Leading Compliance Monitoring Activities to Assess Fraud and Corruption Risks
Leading Compliance Monitoring Activities to Assess Fraud and Corruption RisksLeading Compliance Monitoring Activities to Assess Fraud and Corruption Risks
Leading Compliance Monitoring Activities to Assess Fraud and Corruption RisksRachel Hamilton
 

Recommandé

Using Data Analytics to Conduct a Forensic Audit
Using Data Analytics to Conduct a Forensic AuditUsing Data Analytics to Conduct a Forensic Audit
Using Data Analytics to Conduct a Forensic AuditFraudBusters
 
Detecting and Auditing for Fraud in Financial Statements Using Data Analysis
Detecting and Auditing for Fraud in Financial Statements Using Data AnalysisDetecting and Auditing for Fraud in Financial Statements Using Data Analysis
Detecting and Auditing for Fraud in Financial Statements Using Data AnalysisFraudBusters
 
A Lack of IT Controls= Fraud Opportunities
A Lack of IT Controls= Fraud OpportunitiesA Lack of IT Controls= Fraud Opportunities
A Lack of IT Controls= Fraud OpportunitiesWhitleyPenn
 
Fraud Management Solutions
Fraud Management SolutionsFraud Management Solutions
Fraud Management SolutionsSAS Institute India Pvt. Ltd
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Fraud Monitoring Solution
Fraud Monitoring SolutionFraud Monitoring Solution
Fraud Monitoring SolutionBen Omoakin Oguntala, developingafrica(dot)net
 
Enterprise Fraud Management
Enterprise Fraud ManagementEnterprise Fraud Management
Enterprise Fraud ManagementManish Desai
 
Leading Compliance Monitoring Activities to Assess Fraud and Corruption Risks
Leading Compliance Monitoring Activities to Assess Fraud and Corruption RisksLeading Compliance Monitoring Activities to Assess Fraud and Corruption Risks
Leading Compliance Monitoring Activities to Assess Fraud and Corruption RisksRachel Hamilton
 
Sas wp enterrprise fraud management
Sas wp enterrprise fraud managementSas wp enterrprise fraud management
Sas wp enterrprise fraud managementrkappear
 
Vc us v4.0
Vc us v4.0Vc us v4.0
Vc us v4.0FixNix Inc.,
 
Why Comply? Does your business need ISO27001
Why Comply? Does your business need ISO27001Why Comply? Does your business need ISO27001
Why Comply? Does your business need ISO27001Matthew Olney
 
Third-party governance and risk management: 2018 Global Survey
Third-party governance and risk management: 2018 Global SurveyThird-party governance and risk management: 2018 Global Survey
Third-party governance and risk management: 2018 Global SurveyDeloitte United States
 
In the news
In the newsIn the news
In the newsRob Wilson
 
Enterprise Fraud Management: How Banks Need to Adapt
Enterprise Fraud Management: How Banks Need to AdaptEnterprise Fraud Management: How Banks Need to Adapt
Enterprise Fraud Management: How Banks Need to AdaptCapgemini
 
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...Kenny Ong
 
Lets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNixLets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNixFixNix Inc.,
 
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityCorporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityJoan Weber
 
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...Craig Taggart
 
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...Craig Taggart MBA
 
The hospital of the future
The hospital of the futureThe hospital of the future
The hospital of the futureDeloitte United States
 
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudHow to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudFraudBusters
 
Enterprise Fraud Risk Management
Enterprise Fraud Risk ManagementEnterprise Fraud Risk Management
Enterprise Fraud Risk ManagementTommy Seah
 
Verizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgVerizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgCMR WORLD TECH
 
Process automation: What it means for the future of controllership
Process automation: What it means for the future of controllershipProcess automation: What it means for the future of controllership
Process automation: What it means for the future of controllershipDeloitte United States
 
Securing Treasury Technology: Using ROI to Pave the Way
Securing Treasury Technology: Using ROI to Pave the WaySecuring Treasury Technology: Using ROI to Pave the Way
Securing Treasury Technology: Using ROI to Pave the WayStrategic Treasurer
 
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsPerficient, Inc.
 
Employees And Fraud Risks - UiTM Masters in Accounting Special Lecture
Employees And Fraud Risks - UiTM Masters in Accounting Special LectureEmployees And Fraud Risks - UiTM Masters in Accounting Special Lecture
Employees And Fraud Risks - UiTM Masters in Accounting Special LectureKenny Ong
 
Fraud is rampant Six key Principles for security
Fraud is rampant Six key Principles for securityFraud is rampant Six key Principles for security
Fraud is rampant Six key Principles for securityStrategic Treasurer
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?PECB
 
Healthcare Payers: 2018 State of Cyber Resilience
Healthcare Payers: 2018 State of Cyber ResilienceHealthcare Payers: 2018 State of Cyber Resilience
Healthcare Payers: 2018 State of Cyber Resilienceaccenture
 

Contenu connexe

Tendances

Sas wp enterrprise fraud management
Sas wp enterrprise fraud managementSas wp enterrprise fraud management
Sas wp enterrprise fraud managementrkappear
 
Why Comply? Does your business need ISO27001
Why Comply? Does your business need ISO27001Why Comply? Does your business need ISO27001
Why Comply? Does your business need ISO27001Matthew Olney
 
Third-party governance and risk management: 2018 Global Survey
Third-party governance and risk management: 2018 Global SurveyThird-party governance and risk management: 2018 Global Survey
Third-party governance and risk management: 2018 Global SurveyDeloitte United States
 
Enterprise Fraud Management: How Banks Need to Adapt
Enterprise Fraud Management: How Banks Need to AdaptEnterprise Fraud Management: How Banks Need to Adapt
Enterprise Fraud Management: How Banks Need to AdaptCapgemini
 
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...Kenny Ong
 
Lets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNixLets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNixFixNix Inc.,
 
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityCorporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityJoan Weber
 
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...Craig Taggart
 
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...Craig Taggart MBA
 
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudHow to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudFraudBusters
 
Enterprise Fraud Risk Management
Enterprise Fraud Risk ManagementEnterprise Fraud Risk Management
Enterprise Fraud Risk ManagementTommy Seah
 
Verizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgVerizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgCMR WORLD TECH
 
Process automation: What it means for the future of controllership
Process automation: What it means for the future of controllershipProcess automation: What it means for the future of controllership
Process automation: What it means for the future of controllershipDeloitte United States
 

Tendances (16)

Sas wp enterrprise fraud management
Sas wp enterrprise fraud managementSas wp enterrprise fraud management
Sas wp enterrprise fraud management
 
Vc us v4.0
Vc us v4.0Vc us v4.0
Vc us v4.0
 
Why Comply? Does your business need ISO27001
Why Comply? Does your business need ISO27001Why Comply? Does your business need ISO27001
Why Comply? Does your business need ISO27001
 
Third-party governance and risk management: 2018 Global Survey
Third-party governance and risk management: 2018 Global SurveyThird-party governance and risk management: 2018 Global Survey
Third-party governance and risk management: 2018 Global Survey
 
In the news
In the newsIn the news
In the news
 
Enterprise Fraud Management: How Banks Need to Adapt
Enterprise Fraud Management: How Banks Need to AdaptEnterprise Fraud Management: How Banks Need to Adapt
Enterprise Fraud Management: How Banks Need to Adapt
 
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...
Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Ri...
 
Lets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNixLets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNix
 
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityCorporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber Security
 
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
 
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
 
The hospital of the future
The hospital of the futureThe hospital of the future
The hospital of the future
 
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudHow to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
 
Enterprise Fraud Risk Management
Enterprise Fraud Risk ManagementEnterprise Fraud Risk Management
Enterprise Fraud Risk Management
 
Verizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgVerizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xg
 
Process automation: What it means for the future of controllership
Process automation: What it means for the future of controllershipProcess automation: What it means for the future of controllership
Process automation: What it means for the future of controllership
 

Similaire à Combating Fraud: Six Principles for Security

Securing Treasury Technology: Using ROI to Pave the Way
Securing Treasury Technology: Using ROI to Pave the WaySecuring Treasury Technology: Using ROI to Pave the Way
Securing Treasury Technology: Using ROI to Pave the WayStrategic Treasurer
 
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsPerficient, Inc.
 
Employees And Fraud Risks - UiTM Masters in Accounting Special Lecture
Employees And Fraud Risks - UiTM Masters in Accounting Special LectureEmployees And Fraud Risks - UiTM Masters in Accounting Special Lecture
Employees And Fraud Risks - UiTM Masters in Accounting Special LectureKenny Ong
 
Fraud is rampant Six key Principles for security
Fraud is rampant Six key Principles for securityFraud is rampant Six key Principles for security
Fraud is rampant Six key Principles for securityStrategic Treasurer
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?PECB
 
Healthcare Payers: 2018 State of Cyber Resilience
Healthcare Payers: 2018 State of Cyber ResilienceHealthcare Payers: 2018 State of Cyber Resilience
Healthcare Payers: 2018 State of Cyber Resilienceaccenture
 
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863IBMgbsNA
 
Healthcare Providers: 2018 State of Cyber Resilience
Healthcare Providers: 2018 State of Cyber ResilienceHealthcare Providers: 2018 State of Cyber Resilience
Healthcare Providers: 2018 State of Cyber Resilienceaccenture
 
State of Cyber Resilience In Australia 2018
State of Cyber Resilience In Australia 2018State of Cyber Resilience In Australia 2018
State of Cyber Resilience In Australia 2018Accenture Australia
 
Preventing P2P Fraud with Aite Group
Preventing P2P Fraud with Aite GroupPreventing P2P Fraud with Aite Group
Preventing P2P Fraud with Aite GroupLaurent Pacalin
 
Setting Up and Managing an Anonymous Fraud Hotline
Setting Up and Managing an Anonymous Fraud HotlineSetting Up and Managing an Anonymous Fraud Hotline
Setting Up and Managing an Anonymous Fraud HotlineFraudBusters
 
Risk & Advisory Services: Quarterly Risk Advisor May 2016
Risk & Advisory Services: Quarterly Risk Advisor May 2016Risk & Advisory Services: Quarterly Risk Advisor May 2016
Risk & Advisory Services: Quarterly Risk Advisor May 2016CBIZ, Inc.
 
Securing Consumer Trust
Securing Consumer TrustSecuring Consumer Trust
Securing Consumer Trustaccenture
 
Society of Corporate Compliance and Ethics SCCE 2015 developing an effective ...
Society of Corporate Compliance and Ethics SCCE 2015 developing an effective ...Society of Corporate Compliance and Ethics SCCE 2015 developing an effective ...
Society of Corporate Compliance and Ethics SCCE 2015 developing an effective ...Craig Taggart MBA
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Rahul Neel Mani
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991Jim Romeo
 
Credit Union Cyber Security
Credit Union Cyber SecurityCredit Union Cyber Security
Credit Union Cyber SecurityStacy Willis
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilienceaccenture
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilienceaccenture
 
Briefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionBriefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionThe Economist Media Businesses
 

Similaire à Combating Fraud: Six Principles for Security (20)

Securing Treasury Technology: Using ROI to Pave the Way
Securing Treasury Technology: Using ROI to Pave the WaySecuring Treasury Technology: Using ROI to Pave the Way
Securing Treasury Technology: Using ROI to Pave the Way
 
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
 
Employees And Fraud Risks - UiTM Masters in Accounting Special Lecture
Employees And Fraud Risks - UiTM Masters in Accounting Special LectureEmployees And Fraud Risks - UiTM Masters in Accounting Special Lecture
Employees And Fraud Risks - UiTM Masters in Accounting Special Lecture
 
Fraud is rampant Six key Principles for security
Fraud is rampant Six key Principles for securityFraud is rampant Six key Principles for security
Fraud is rampant Six key Principles for security
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
 
Healthcare Payers: 2018 State of Cyber Resilience
Healthcare Payers: 2018 State of Cyber ResilienceHealthcare Payers: 2018 State of Cyber Resilience
Healthcare Payers: 2018 State of Cyber Resilience
 
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863
 
Healthcare Providers: 2018 State of Cyber Resilience
Healthcare Providers: 2018 State of Cyber ResilienceHealthcare Providers: 2018 State of Cyber Resilience
Healthcare Providers: 2018 State of Cyber Resilience
 
State of Cyber Resilience In Australia 2018
State of Cyber Resilience In Australia 2018State of Cyber Resilience In Australia 2018
State of Cyber Resilience In Australia 2018
 
Preventing P2P Fraud with Aite Group
Preventing P2P Fraud with Aite GroupPreventing P2P Fraud with Aite Group
Preventing P2P Fraud with Aite Group
 
Setting Up and Managing an Anonymous Fraud Hotline
Setting Up and Managing an Anonymous Fraud HotlineSetting Up and Managing an Anonymous Fraud Hotline
Setting Up and Managing an Anonymous Fraud Hotline
 
Risk & Advisory Services: Quarterly Risk Advisor May 2016
Risk & Advisory Services: Quarterly Risk Advisor May 2016Risk & Advisory Services: Quarterly Risk Advisor May 2016
Risk & Advisory Services: Quarterly Risk Advisor May 2016
 
Securing Consumer Trust
Securing Consumer TrustSecuring Consumer Trust
Securing Consumer Trust
 
Society of Corporate Compliance and Ethics SCCE 2015 developing an effective ...
Society of Corporate Compliance and Ethics SCCE 2015 developing an effective ...Society of Corporate Compliance and Ethics SCCE 2015 developing an effective ...
Society of Corporate Compliance and Ethics SCCE 2015 developing an effective ...
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991
 
Credit Union Cyber Security
Credit Union Cyber SecurityCredit Union Cyber Security
Credit Union Cyber Security
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
Briefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionBriefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimension
 

Dernier

Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizharallensay1
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPanhandleOilandGas
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165meghakumariji156
 
New 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateNew 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateCannaBusinessPlans
 
Cannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannaBusinessPlans
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGpr788182
 
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdfTVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdfbelieveminhh
 
Cracking the 'Career Pathing' Slideshare
Cracking the 'Career Pathing' SlideshareCracking the 'Career Pathing' Slideshare
Cracking the 'Career Pathing' SlideshareWorkforce Group
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Adnet Communications
 
BeMetals Investor Presentation_May 3, 2024.pdf
BeMetals Investor Presentation_May 3, 2024.pdfBeMetals Investor Presentation_May 3, 2024.pdf
BeMetals Investor Presentation_May 3, 2024.pdfDerekIwanaka1
 
Buy Verified TransferWise Accounts From Seosmmearth
Buy Verified TransferWise Accounts From SeosmmearthBuy Verified TransferWise Accounts From Seosmmearth
Buy Verified TransferWise Accounts From SeosmmearthBuy Verified Binance Account
 
Structuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdfStructuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdflaloo_007
 
Rice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna ExportsRice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna ExportsShree Krishna Exports
 
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030tarushabhavsar
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
 
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NSCROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NSpanmisemningshen123
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfwill854175
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAITim Wilson
 

Dernier (20)

Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
 
New 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateNew 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck Template
 
Cannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 Updated
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdfTVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
 
Cracking the 'Career Pathing' Slideshare
Cracking the 'Career Pathing' SlideshareCracking the 'Career Pathing' Slideshare
Cracking the 'Career Pathing' Slideshare
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 
BeMetals Investor Presentation_May 3, 2024.pdf
BeMetals Investor Presentation_May 3, 2024.pdfBeMetals Investor Presentation_May 3, 2024.pdf
BeMetals Investor Presentation_May 3, 2024.pdf
 
Buy Verified TransferWise Accounts From Seosmmearth
Buy Verified TransferWise Accounts From SeosmmearthBuy Verified TransferWise Accounts From Seosmmearth
Buy Verified TransferWise Accounts From Seosmmearth
 
Structuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdfStructuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdf
 
Rice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna ExportsRice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna Exports
 
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NSCROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdf
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
 

Combating Fraud: Six Principles for Security

  • 1. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com Combating Fraud © 2018 Strategic Treasurer LLC. Craig Jeffery, Managing Partner, Strategic Treasurer Debbi Denison, Senior Consultant, Strategic Treasurer 6 Key Security Principles – Part 2
  • 2. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 2 About the Presenters Debbi Denison is a senior consultant at Strategic Treasurer responsible for leading client projects and relationships across working capital, cash management, liquidity management, treasury technology, and risk domains. Mrs. Denison has held senior treasury positions with global, multi-national and Fortune 500 corporations in the fields of utility, airline, consumer products and pharmaceuticals. Her leadership experience comprises leveraging technology to proactively identify and implement leading practices with respect to global liquidity, pooling structures, credit card programs and accounts receivable factoring. Craig Jeffery, CCM, FLMI Founder & Managing Partner Strategic Treasurer Debbi Denison Senior Consultant Strategic Treasurer Craig Jeffery formed Strategic Treasurer LLC in 2004 to provide corporate, educational, and government entities direct access to comprehensive and current assistance with their treasury and financial process needs. His 20+ years of financial and treasury experience as a practitioner and as a consultant have uniquely qualified him to help organizations craft realistic goals and achieve significant benefits quickly.
  • 3. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com 3 Topics of Discussion © 2018 Strategic Treasurer LLC.  State of Fraud in 2018 o Corporate Fraud Experience o Security Concerns & Investment Plans  Securing Treasury o The Fraud Battlefield o The Criminal’s Playbook o Human & Technology Components o S.E.C.U.R.E. C.L.A.M.P.S  6 Key Security Principles o Controls – Dual Control o Layers – Multiple Security Layers o Awareness / Understanding / Testing o Monitoring o Privilege o Secure Removal / Deletion of Data  Final Thoughts
  • 4. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 4 State of Treasury Fraud in 2018 Corporates: In the past year, I think that the threat-level of cyber fraud and payment fraud has: 30% 54% 14% 1% 1% 0% 10% 20% 30% 40% 50% 60% Significantly increased Increased Stayed the same Decreased or significantly decreased Unsure 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey Escalated Threat • Comparing 2018 to 2017, the vast majority (84%) of corporate practitioners believe the threat of cyber and payments fraud has increased. • Only 1% believe that the threat has decreased. • These figures highlight the extreme levels of concern towards fraud within the corporate treasury environment.
  • 5. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 5 State of Treasury Fraud in 2018 Have you experienced fraud in the last 12 months? Data excludes “unsure” responses Fraud Experiences Rise • Looking at corporate fraud experiences, it appears that practitioners are correct in their perception that fraudulent threats have increased. • These figures represent a 17% overall increase (40%+ year-over- year) in corporate fraud experience since 2016. • Today, more organizations experience fraudulent attacks than those that don’t. 40% 52% 57% 0% 10% 20% 30% 40% 50% 60% 2016 2017 2018 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
  • 6. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 6 State of Treasury Fraud in 2018 Corporates: Have you experienced any of the following in the past two years? Data excludes “unsure” responses 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey 26% 36% 56% 68% 67% 69% 76% 63% 53% 36% 28% 26% 23% 17% 11% 11% 7% 4% 5% 7% 7% 1% 1% 1% 0% 3% 1% 0% 0% 10% 20% 30% 40% 50% 60% 70% 80% Payment fraud - Business Email Compromise (BEC) / CEO Email Fraud / Imposter Fraud / Social Engineering Fraud Check/cheque forgery Check/cheque conversion fraud ACH fraud Card Fraud (Pcard) Card Fraud (T&E) Wire fraud - system oriented, payment (system access or credential theft) No Some attempts, no success. Yes, we suffered a loss. Yes, we suffered a loss. At least one person was terminated or let go.
  • 7. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 7 The Fraud Battlefield CORPORATE PERIMETER 3rd PARTY INTERIOR ACCESS CONTROL EXTERNAL DATA Employees Sensitive Data Incident Response Employee Management Treasury Security Framework Access Control Banking Design Lockdown Playbook Assessment & Benchmarking Duties & Policies Communications Liability Management CloudSecurityCyberSecurity SegregationofDutiesTransaction&DailyLimits Network Desktop SAN TRANSPORT ACCESS SaaS TMS Banks PartnersTemp/Contractors The Fraud Battlefield: Access Control
  • 8. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 8 The Criminal’s Playbook Steal Funds Directly Get You To Send Funds Take Data and Sell it Lock up data for Ransom Fraud TypeFraud Intent High Payout Low Payout ControlofFraud HighControlLowControl The Criminal’s Playbook: Fraud Types & Associated Intentions Check ForgerySystem Fraud ACH Fraud - Personal Payment Systems AP Vendor Master Record Changes Business Email Compromise Ransomware as a Service Ransomware via Worm Data Breach Surveying the Field: There are a wide variety of fraudulent methods for criminals to select from. If an organization is protected at one juncture, a criminal may move on to target them through another avenue or area of exposure. Due to the ever-evolving playbook of today’s criminal, organizations must be constantly monitoring their operations to locate exposures and identify suspicious activity.
  • 9. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 9 Items to Consider Technology Security Components Human Security Components Antivirus Software Firewall Multifactor Authentication User Monitoring Tools Biometrics Encryption Tokenization SAML 2.0 Security Training (Regularly) Employee Testing (Phishing emails) Whistleblower Policy Clean Desk Policy Dual Controls Segregation of Duties Principle of Least Privilege
  • 10. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 10 12 Security Principles Strategic Treasurer’s 12 Security Principles (S.E.C.U.R.E. C.L.A.M.P.S.) 1. Speed Matters 2. Encryption and Control of Keys 3. Challenge / Verify 4. Update Continuously 5. Readiness / Response 6. Exact and Specific Accountability Management 7. Control / Dual Controls 8. Layers 9. Awareness / Understanding / Testing 10.Monitoring 11.Privilege 12.Secure Removal / Deletion of Data A Strategic Approach to Fraud Prevention & Security • In the modern environment, the best way to fight fraud is to develop a comprehensive controls framework that considers each element of security. • Strategic Treasurer’s 12 security principles expand on the vital elements of security that must be considered for any organization to effectively protect against fraudulent activity. • The first six principles were covered at length in a previous webinar; this presentation will focus on principles 7-12.
  • 11. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 11 Principle 7: Dual Controls 90% 10% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Yes No Corporates: Does your organization require dual controls for all transactions? Dual Controls • Dual controls refers to the practice of requiring more than one employee to approve/generate a payment. • Makes it harder for criminals to steal funds by requiring multiple employee credentials/approvals. • Currently, a significant majority of corporates are actively using this security practice (see graph on right) Poor Moderate Strong Industry Use: Current State 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
  • 12. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 12 Principle 8: Layers Layers • The term “layers” in the context of security refers to the practice of implementing multiple tiers of controls across a given process or area of operation, such as payments. • The intent is that if one layer is compromised, the additional layers will still prevent an attack from succeeding. Sample Layers: Multifactor Authentication In order for a criminal to steal funds, they must possess: The individual credentials of an employee with authority over payment generation. A physical key-fob or token that is unique to each specific employee. If dual controls are involved, the criminal would have to possess this information for TWO employees in order to control the entire process. Poor Moderate Strong Industry Use: Current State • While multifactor authentication is still a relatively new practice, it has seen promising adoption throughout the corporate treasury environment. Fraudulent Transfer Employee Credentials Physical Key Fob Multiple Sets of Information
  • 13. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 13 Principle 8: Layers 68% 78% 59% 75% 88% 69% 6% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% ACH positive pay* Check (cheque) positive pay* Check (cheque): payee match positive payment* ACH debit block* Segregation of duties in accounts payable Physical check (cheque) controls Other: Corporates: What controls does your organization have to prevent payment fraud? (Select all that apply) Security Layers • Besides multifactor authentication, a “layered” approach to security could consist of other elements. • Combining segregation of duties with positive pay services and other security tools provides a fresh layer of security at each “juncture” in the payments process. • This practice results in multiple points where fraud can be identified and thwarted. 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
  • 14. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 14 Principle 9: Awareness / Understanding / Testing Awareness / Training / Testing • This principle focuses on ensuring that treasury staff are routinely educated and updated with regards to best practices for security, and also new fraud developments. • While many organizations emphasize the “technology” components of security, staff training and testing commonly falls to the wayside. Awareness Testing Training • What types of fraud are corporates experiencing? • What specific exposures should we be concerned about? • What types of attacks should I be wary of? • How can I keep my company credentials and data safe? • What should I do in the event of a fraud attack? • Deliver “Fake” phishing emails to staff and evaluate their response. • Provide written tests/quizzes on security policies/procedures to determine employee susceptibility. Poor Moderate Strong Industry Use: Current State • While practically all banks require regular training and testing of their employees on security and fraud, less than half of corporates do the same.
  • 15. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 15 Principle 9: Awareness / Understanding / Testing 25% 14% 27% 32% 3% 0% 5% 10% 15% 20% 25% 30% 35% Formally assign roles and have a regular reporting cadence to the group. Informally have select people monitor fraud instances and stay current based upon area or type of fraud. When needed we will address fraud attempts and monitor developments. It is a general responsibility. Not delineated in formal job descriptions. Other: 10% 65% 69% 36% 7% 4% 0% 10% 20% 30% 40% 50% 60% 70% 80% Nothing formally We provide training on avoiding We provide occasional communication on what to do/avoid doing We have test emails sent to see who is following the training Unsure Other Corporates: For assigning responsibility to track fraud and stay current on development, we: Corporates: For managing phishing/clickbait attacks, we do the following: (Select all that apply) 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
  • 16. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 16 Principle 10: Monitoring User / Employee Monitoring • Many technology solutions available today have built-in functionality that allows an administrator to monitor employee / user activity that occurs through the system. • This can help detect erroneous behavior and also trace criminal activity back to specific individuals or accounts. Banks Corporates • Bank policies around security and fraud tend to be more stringent than their corporate counterparts. • Banks are also more advanced with their security techniques and fraud prevention strategies. • Currently, over 3/4ths of banks have the ability to monitor user behavior on their system, either in real-time or after the fact. • While corporates have been investing heavily in security controls, they have not kept pace with banks. • Currently, less than 1/3rd of corporates can monitor user behavior in their system. Poor Moderate Strong Industry Use: Current State • While the banking sector has done well to adopt user monitoring software, implementation of such solutions on the corporate side has not followed suit.
  • 17. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 17 Principle 10: Monitoring 70% 20% 86% 14% 2% 0% 20% 40% 60% 80% 100% Alerts/triggers (detects and alerts to abnormal action or behavior) Alarms (response is required to deactivate) Audit trails Visual replay (replays screen by screen the suspicious behavior/actions taken by user) Other: 21% 11% 23% 45% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% Yes, in real-time Yes, after the fact No Unsure Corporates: We have these capabilities to monitor anomalous or suspicious behavior within our system(s): (Select all that apply) Of those that selected “yes” to previous question Corporates: Do you have technology implemented to proactively monitor anomalous or suspicious behavior within your system(s)? 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
  • 18. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 18 Principle 11: Privilege Principle of Least Privilege • The principle of least privilege involves restricting access to any sensitive information to only those employees that MUST have it, and ONLY for as long as they must have it. • If such information is not critical to the day-to-day functioning for a specific employee, they should not be granted access. Bank Account Details System Credentials Poor Moderate Strong Industry Use: Current State • Most organizations today employ some form of this principle, even if such practices are undefined or informal. Sensitive Information to Withhold Financial Reports
  • 19. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 19 Principle 11: Privilege 56% 46% 46% 48% 25% 11% 4% 0% 10% 20% 30% 40% 50% 60% Signature / approval authority for bank accounts Access to confidential corporate data Access to confidential personal information Removing access immediately if roles or needs changes I don't know what this means I don't know if we do We do not employ this principle Principle of Least Privilege • Approximately half of organizations employ the principle of least privilege in at least one of it’s various forms. • 1/4th of corporate respondents were unsure of what the term referred to; however, this does not necessarily mean they were not employing it. • 11% were unsure of their company’s status on this principle. • Only 4% could say with certainty that their firm does not employ this principle. We intentionally employ the principle of least privilege for: (Select all that apply) 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
  • 20. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 20 Principle 12: Secure Removal & Deletion of Data Removing / Deleting Data • While sensitive data must always be kept secure, there comes a time when such information must be cleared. • Improper management of this step could be devastating if files are not completely destroyed or if they are misplaced. • Remember to clearly document when records are deleted to establish audit trails, and assign a witness to view and “sign off” on the deletion/removal process. Vendor Master Records Bank Account Records Financial Statements Account Signatories Check Stock Poor Moderate Strong Industry Use: Current State • Data removal processes across the corporate landscape vary; some have clearly defined practices in this arena, while others perform it on an “ad-hoc” basis Areas to Consider: Sensitive Information
  • 21. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 21 Principle 12: Secure Removal & Deletion of Data 39% 29% 11% 3% 4% 15% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 1 week 1 month 3 months 6 months Other: There is no set timeframe Removal & Deletion of Data • An area of data removal that is particularly important for treasury lies around account signers. • Account signers are typically treasury staff with privileged access to payment systems and bank account data. • When employee turnover for one of these positions occurs, it is vital that the company quickly update their records to reflect the changes. • The longer it takes to reflect such changes, the more exposed a company is through falsified signatures. Corporates: What is the normal time frame for updating signers on bank accounts when an employee leaves the company? Within… 2018 Strategic Treasurer & Bottomline Technologies Treasury Fraud & Controls Survey
  • 22. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. 22 Final Thoughts Key Takeaways for Treasury: Fraud Experience Continues to Escalate. Since 2016, corporate fraud experience has risen steadily from 40% to 57% of organizations. Today’s Criminal is Sophisticated and Persistent. It is not just simple check fraud that criminals are using to target firms. Today’s fraudulent schemes have become incredibly complex and technologically advanced. The Security Response Must be Comprehensive. Given the current fraud environment, companies have no choice but to adopt security layers and controls that comprehensively cover all exposures and access points. Take Action Proactively…Do Not Wait. Plugging a gap after a criminal has exposed it is still too late. Be proactive in identifying and correcting weaknesses before a criminal identifies them.
  • 23. Advising Clients, Informing the Industry. Connect on StrategicTreasurer.com © 2018 Strategic Treasurer LLC. Thank you for participating in this event! Debbi Denison Senior Consultant Email: debbi.denison@strategictreasurer.com Craig Jeffery, CCM, FLMI Founder & Managing Partner Email: craig@strategictreasurer.com Sign-Up for Strategic Treasurer’s Exclusive Webinar List