Countering corruption and fraud in a company
Society has always had a negative attitude towards bribery and fraud - it was punishable by law, condemned by religion and morality, but it was never completely eradicated. Julius Caesar and Emperor Augustus forbade officials to accept golden wreaths from the townspeople, Ivan the Terrible called for publicly cutting the bribe-takers into pieces right on the city square, Peter I offered the death penalty for bribe-takers even for amounts equal to the price of a rope, but those close to the emperor advised: there will not be enough ropes , sir. Virtually not a single Russian classic has avoided the topic of corruption and fraud . The fight against corruption and fraud in the company , society and the state is the leitmotif in the works of Gogol - "The Inspector General" and "Dead Souls", Ostrovsky - "Profitable Place", Lermontov - "Strange Man", Pushkin - "Dubrovsky".
Power and corruption are inseparable and evolve along with relationships in society. Globalization, the development of market relations and the emergence of a capitalist model of society have allowed corruption to become one of the most massive and dangerous phenomena of our time. Corrupt schemes affect power structures, companies and corporations suffer serious losses from fraud .
Who is the main fraudster in Russian companies ?
According to the results of the SearchInform study, ordinary employees steal information more often than others in companies - in 61% of cases, managers - in 17% of incidents. More often in companies, employees and managers steal. Motives - dissatisfaction with the financial situation, revenge, dissatisfaction with the company. Someone, with a shortage of money, will work harder, while others will choose an easier path.
What do ordinary employees profit from? In Russia, a popular method of parasitizing at the expense of the company is “lateral” financial schemes of employees. Here are just a few examples of fraud and corruption in company x (based on 10 years of experience in protecting confidential data):
1. Leaking information for the sake of winning tenders. The logistics specialist poured information at the request of the head of the department. He lobbied for the interests of those contractors who were convenient for the designated leader, and not really beneficial to the enterprise. For a long time, the relationship between a manager and a subordinate looked like this: you help me - and I keep you in good standing; and if not, someone more accommodating will take the place. And soon it happened, but the scenario was different: the employee got tired of the pressure and reported the blackmail to the higher management.
2. Theft of information. One of the most common fraud methods. Leaving her job, the employee decided to merge confidential information onto a flash drive: the company's database , commercial offers and correspondence with customers. The security service detected a threat using DeviceController, talked to an employee who decided to cheat , and she voluntarily erased all data from the flash drive.
3. Sent Cossack. The company got a job as a sales network manager. As with any new employee, the information security service showed increased attention to him, establishing detailed monitoring of his activities. Vigilance was not in vain: the employee turned out to be a "sent Cossack". His main task was to gain access to the accounting documents of the company with the subsequent "leak" of information from a competing company .
4. Theft on demand. An employee of the purchasing department of a trading company did not calculate her financial capabilities and went overboard with a mortgage. A rival firm offered to pay off its debt in exchange for confidential information about the company 's contracts with major clients.
5. "Mirroring" of traffic. Through efforts The IT specialist's main competitor knew about every strategic decision of the company. The employee connected an additional e-mail box to the corporate mail, which duplicated letters from two top managers - commercial and general directors.
Top managers are characterized by the following corruption and fraud motives :
- thirst for financial gain;
- craving for power, highlighting your authority;
- pressure from shareholders;
- desire to help the company succeed;
- desire to avoid losses: profit, job, prestige.
Cases of fraud of top managers of companies
1. Trade in personal data. The bank revealed a suspicious trend of systemic customer churn. With the help of SearchInform DLP, a letter was found in which the head of the legal department passed information to competitors. He leaked confidential customer information that helped rival banks offer better terms of service to lure them over to his side. Losses from such activities of the head were calculated in tens of millions of rubles.
2. Distribution of drugs. The HR director, using the company's resources, organized a scheme for drug trafficking to the regions. Prohibited substances were thrown into cars along with common goods. Unsuspecting drivers became unwitting accomplices, delivering "additional" cargo. Criminal activity has put the entire company at risk. With the help of SkypeController, it turned out that the leader of the group managed the wholesale purchases of drugs and their further distribution using social networks using code words. The collected information was passed on to law enforcement agencies.
3. Lobbying the interests of the supplier. The CEO of one of the offices of a large oil company actively lobbied for the interests of one organization in procurement tenders. An investigation into the incident confirmed the CEO received $ 10 million from the company that supplied the equipment.
Anti-corruption and anti-fraud tools
Information technology is an effective tool in the fight against corruption and fraud. It is necessary to control popular information channels, the interaction of employees within the team and monitor the points of contact of the organization with contractors. Fraud schemes are improving, and data theft still occurs, so you need to work proactively:
- Sign a nondisclosure agreement with employees. This simple technique will scare potential fraudsters with serious consequences.
- Control popular information channels: e-mail, http traffic, instant messengers, external media, moving files within the company, transferring files to cloud storage, documents sent to print.
- Monitor the extracurricular activities of the staff. Do employees take work home? Lingering in the office? Are they coming out on weekends and holidays?
- Calculate what employees are doing. They can spend time on part-time jobs, violate work regulations, pretend to be working, but in fact play solitaire.
- Analyze email traffic. Suspicion should be caused by a sharp increase in the number of letters between employees who are not connected to work processes.
- Select "risk groups" among employees. These are employees of sales or purchasing departments, people prone to alcoholism or drug addiction, quitting or dissatisfied employees. The simplest thing is to install a DLP system and track fraudulent schemes in correspondence using keywords.
- Separate the IT department and the information security department. Everyone should be responsible for their own tasks. Aichi department should not deal with information security.
- Limit access to confidential information.
- Be careful when hiring people for the company, use profiling technology. It will help to recognize lies and determine the level of honesty of a person.
Companies have a chance to conduct business honestly, get rid of corruption and unfair competition. The use of systems for preventing data leaks and programs for monitoring employees will minimize the risks of fraud and corruption within the company, focus on increasing profits, quality products and optimizing work.