Analysis and Commentary, Incidents

Poor Identity and Access Management may have led to breakdown at French bank

05 February 2008

Ripped straight from Slashdot, we have some post-incident analysis of the losses at French bank Société Générale.  Was the failure of a simple IT chore to blame?

Société Générale has released a few technical details about how trader Jerome Kerviel managed to lose €4.9 billion (USD$7.3 billion).  It turns out that he was able to bypass many controls by “misappropriating passwords.”   Now we don’t have many details on how he obtained all of these passwords, but I can guess.  Kerviel started in the back office of the bank in 2005 and moved to the front office. I would guess that when the additional access was granted, there was no review to see what access should be disabled.

Let's review some common red flags that you should be aware of to prevent fraud in your organization:

  • Employees who seem overly dedicated, never take a vacation, and always work later than other people in similar positions
  • Employees who have access privileges that relate to job functions they no longer perform
  • Employees who share their passwords

What can you do to prevent fraud?

  • Employees should be required to take vacation periodically
  • Closely review transactions that are completed on holidays and weekends
  • When an employee changes jobs, ensure that they do not retain the privileges that relate to their prior position
  • Change passwords periodically
  • Work with management to make security part of the process and not an impediment
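
The red flags and the controls above are all things an access review can check mechanically. The script below is an added example, not code from the original post or from the bank: it runs over constructed HR, entitlement and transaction records (the role names, user ids, entitlement names and amounts are all hypothetical) and reports stale entitlements carried over from a prior job, employees with no recent vacation, and transactions booked on weekends or holidays.

```python
"""Access review and fraud red-flag checks over constructed sample data."""
from datetime import date, datetime

# Constructed sample data (hypothetical names, not the bank's systems):
# the entitlements each job function is expected to hold.
ROLE_ENTITLEMENTS = {
    "back_office": {"trade_settlement", "confirmation_override"},
    "front_office": {"trade_entry", "market_data"},
}

# Constructed HR/IAM records. u100 moved from the back office to the front
# office and kept a back-office entitlement; u200 is the control case.
EMPLOYEES = [
    {"id": "u100", "role": "front_office",
     "entitlements": {"trade_entry", "market_data", "confirmation_override"},
     "last_vacation": date(2006, 12, 1)},
    {"id": "u200", "role": "front_office",
     "entitlements": {"trade_entry", "market_data"},
     "last_vacation": date(2007, 8, 10)},
]

# Constructed transaction log (amounts are arbitrary).
TRANSACTIONS = [
    {"user": "u100", "when": datetime(2008, 1, 1, 9, 30), "amount": 2_000_000},  # holiday
    {"user": "u100", "when": datetime(2008, 1, 5, 23, 10), "amount": 750_000},   # Saturday
    {"user": "u200", "when": datetime(2008, 1, 7, 10, 0), "amount": 120_000},    # Monday
]

# Constructed holiday calendar and the date the review is run as of.
HOLIDAYS = {date(2008, 1, 1)}
REVIEW_DATE = date(2008, 1, 24)


def stale_entitlements(emp):
    """Entitlements the employee holds that are not expected for the current role."""
    expected = ROLE_ENTITLEMENTS.get(emp["role"], set())
    return emp["entitlements"] - expected


def vacation_overdue(emp, as_of, max_days=365):
    """True if the employee has not taken leave within max_days of as_of."""
    return (as_of - emp["last_vacation"]).days > max_days


def off_hours_transactions(transactions, holidays):
    """Transactions booked on a weekend (weekday 5 or 6) or a listed holiday."""
    return [t for t in transactions
            if t["when"].weekday() >= 5 or t["when"].date() in holidays]


def run_review(employees, transactions, holidays, as_of):
    """Return (user, flag, detail) findings for an auditor to work through."""
    findings = []
    for emp in employees:
        stale = stale_entitlements(emp)
        if stale:
            findings.append((emp["id"], "STALE_ENTITLEMENT", sorted(stale)))
        if vacation_overdue(emp, as_of):
            findings.append((emp["id"], "NO_RECENT_VACATION",
                             emp["last_vacation"].isoformat()))
    for t in off_hours_transactions(transactions, holidays):
        findings.append((t["user"], "OFF_HOURS_TRANSACTION", t["when"].isoformat()))
    return findings


if __name__ == "__main__":
    for user, flag, detail in run_review(EMPLOYEES, TRANSACTIONS, HOLIDAYS, REVIEW_DATE):
        print(f"{user}\t{flag}\t{detail}")
```

In a real deployment the role-to-entitlement map comes from the IAM system and the HR feed supplies the current role, so the same review can be scheduled to run on every job change as well as periodically; the point is that a transfer should trigger a comparison against the new role's expected entitlements, not just an addition of new ones.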



© 2008 Brightfly, Inc.
