How to Prevent Internal Fraud
There is no end to cases of "internal fraud," in which personal information or information assets are leaked to outside parties by internal employees or contractors.
In recent years, even unintentional negligence can be considered internal fraud. Even employees who believe that they would never commit fraud may unintentionally become involved in it.
Therefore, companies should pay close attention to internal fraud and promote efforts to raise security awareness within the company on a daily basis.
In this article, we touch on the causes of internal fraud and explain specific countermeasures. Managers and those in charge of human resources at companies are encouraged to refer to it.
What is internal fraud?
Internal fraud is when a person within an organization or company takes, leaks, erases, or destroys confidential information or customer information within the company. Accidental leakage of information is also considered internal fraud.
Incidents caused by information security irregularities (security incidents) can seriously damage a company's credibility if they are reported to the public.
In an age when everyone has easy access to information through the spread of social networking and other means, companies need methods and effective countermeasures to prevent internal fraud before it happens. In addition to information leaks, internal fraud also includes embezzlement of money, illegal overtime work, and nonpayment of wages.
Background of Attention to Internal Fraud Countermeasures
With the enforcement of the revised Personal Information Protection Law in April 2022, companies are now obligated to report information leaks, whereas previously they were only obligated to make an effort to do so.
Next, let's look at the specific context in which internal fraud prevention is gaining attention.
Internal fraud is perceived as a threat
The fact that society perceives internal fraud as a threat is a major reason for the attention.
According to the "Ten Major Threats to Information Security 2020" published by the IPA (Information-technology Promotion Agency, Japan), "Information Leakage Due to Internal Fraud" was ranked second in the organization category.
Because of the threat, even when internal fraud is discovered within the company, it is often not disclosed for fear of publicity.
Unclear security measures of contractors
Next is the lack of transparency in the security measures of the outsourced companies.
The following cases have occurred in the past as a result of neglecting the information management of contractors and leaving operations entirely to them.
- A subcontractor re-outsourced the work to another company, resulting in the leakage of My Number information.
- An informational e-mail was sent by mistake, and the e-mail addresses of corporations registered for related services were leaked.
- A USB memory stick containing residents' personal information was taken out without permission by a company to which the work had been outsourced, and was later discovered to be missing.
If you hire a company that underestimates information security or does not have third-party certification, this kind of internal fraud could occur.
In addition, overseas contractors may not be fully aware of internal fraud due to differences in culture, values, and security budgets. The "2015 Vormetric Insider Threat Report" by Vormetric, an industry leader in data security solutions, found that approximately 89% of foreign respondents indicated that their companies were vulnerable to internal fraud.
While outsourcing work to third parties is an effective management strategy, companies must ensure that security controls (outsourcing partner management) are in place.
Types of internal fraud
Internal fraud is not limited to the leakage or outflow of information.
The following matters may also be punishable as internal fraud:
Corporate embezzlement
Embezzlement in the course of business is the act of embezzling another person's property that is in one's possession in the course of one's duties. Specific means include the following:
- Padding of expenses
- Theft of equipment
- Illegal remittance
- Private use of company credit cards/miles, etc.
Embezzlement is not only committed by individuals, but can also be committed by an entire organization, including upper management and outside firms. Regardless of the amount, embezzlement of money is an act that directly damages a company's economic assets.
Harassment
Harassment is conduct that makes someone feel uncomfortable through words or actions that go against their wishes.
Specific types of harassment include the following:
- Bullying
- Sexual harassment
- Maternity harassment
- Workplace mobbing
- Alcohol harassment, etc.
Perpetrators of harassment often take advantage of hierarchical relationships and differences in position. Harassment characteristically deals a blow to a company's human resources, as the harassed employee may be forced to take a leave of absence or resign.
Violations of the Labor Standards Act
Violation of the Labor Standards Act, such as failure to pay overtime and wages, is also an internal corporate wrongdoing. Violations not only damage the company's credibility in society, but may also result in claims for damages from employees.
In some cases, refusing to comply with on-site inspections or corrective action reports required by labor standards inspectors may result in the case being referred to prosecutors.
Three Factors Behind Internal Fraud Within a Company
We have mentioned various types of internal fraud, but in recent years, information leaks have become a particular problem. The spread of telework and social networking has had a major impact.
Corporate information leaks are caused by three factors:
(1) Technical factors
The first is a technical factor. If internal information security is weak, passwords can leak.
Employees who were never authorized will then be able to access the information, which increases the risk of internal fraud.
Some companies also do not record history in their operation logs. If you are using a system that does not track who accessed the information, it will be difficult to detect and trace the route of any internal fraud that may have occurred, and it will take time to investigate.
(2) Human factors (intentional)
The second is the human factor, where the act is done with malicious intent. According to the IPA (Information-technology Promotion Agency, Japan) report "Investigating Incidents of Fraud by Organizational Insiders," the factors contributing to internal fraud include motivational and pressure aspects such as "receiving a dismissal that I think is unfair" and "being dissatisfied with my salary and bonuses."
Companies with disgruntled employees are more likely to experience intentional information leaks.
(3) Human factors (human error)
The third is human factors such as mistakes. This includes mishandling of information, loss of files or USB memory sticks, etc.
The background for the occurrence of human error may be a lack of knowledge or experience of the parties involved, or undertaking work that exceeds their capacity.
Specific Information Leakage Countermeasures
What measures can companies take to prevent internal fraud?
Here we will look specifically at various countermeasures.
Increased internal monitoring
Strengthen monitoring to prevent information leaks from your company.
Specifically, the following security enhancements are available:
- Management of access records
- Management of records of terminals taken out of the country
- Sending of security alerts
- Access log management and monitoring
- Detection of unauthorized access, etc.
When strengthening internal monitoring, it is important to establish mutual monitoring rules and distribute authority so that it is not concentrated in specific employees. Strengthening internal monitoring not only prevents employee fraud, but also reduces the burden on the system administrator.
Use an internal fraud checklist
It is also effective to create a checklist to ensure that critical information is managed and operated correctly and that employees are properly trained. If it is difficult to create such a checklist in-house, you may also download externally provided check sheets, such as those in the IPA's "Guidelines for the Prevention of Internal Misconduct in Organizations."
By listing items and checking them against the actual situation, you will be able to conduct a fact-finding survey and identify areas where your company's security needs to be strengthened.
Reduce employee workload
Consider reducing the burden on employees. The busier the site, the less time you will have to train your employees on information security due to a lack of manpower.
Rather than conducting large-scale security training several times a year, it may be more effective to provide an environment where employees can take courses on a regular basis in a short period of time. Micro-learning and e-learning programs can be introduced to raise employees' security awareness in a short period of time without difficulty.
Summary
In this article, we have explained internal fraud. Today, internal fraud has become an urgent issue, and companies must take measures such as thorough employee security training.
When raising awareness of information security within the company, please take advantage of the "Information Security Training" content in learningBOX ON.
learningBOX ON is a service that allows companies to easily add essential training content to learningBOX, an e-learning creation and management system.
You can easily design your own original learning courses by combining them with your in-house content.
There will be something you can do to improve your work environment.