Computer and Internet Frauds – in times of Pandemic – Lessons from Working from Home and Fraud Examiners Manual!
Nakul Saluja, CA, CFE
Computer networks and communications are inherently insecure and vulnerable to attack and disruption. Consequently, management must use technical and administrative controls to protect systems against threats like unauthorized use, disclosure, modification, destruction, or denial of service. Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, and related devices. Administrative security involves the use of tools to provide an acceptable level of protection for computing resources.
Common technical and administrative controls used to secure computer systems and communication networks include:
- Logical access controls
- Network security
- Operating system security
- Application security
- Separation of duties
The following measures can help avoid infection from a malicious program:
- Use anti-malware software to scan all incoming email messages and files.
- Regularly update virus definitions in anti-malware programs.
- Use caution when opening emails, even those from acquaintances.
- Do not open email attachments unless they are from trusted sources.
- Only download files from reputable sources.
- Regularly update the operating system.
- Regularly apply the latest security patches available for the operating system, software, browser, and email programs.
- Ensure that there is a clean boot disk to facilitate testing with antivirus software.
- Use a firewall and keep it turned on.
- Consider testing all computer software on an isolated system before loading it.
- In a network environment, do not place untested programs on the server.
- Secure the computer against unauthorized access from external threats such as hackers.
- Keep backup copies of production data files and computer software in a secure location.
- Scan pre-formatted storage devices before using them.
- Consider preventing the system from booting with a removable storage device; this might prevent accidental infection.
- Establish corporate policies and an employee education program to inform employees of how malware is introduced and what to do if malware is suspected.
- Encourage employees to protect their home systems as well. Many malware infections result from employees bringing infected storage devices or files from home.
Can you suggest other measures, internal controls or mitigation strategies? Comment below and let us know!
References: Fraud Examiners Manual (ACFE)