Still traveling through Australia and today, working in Canberra in the Southeast.  One of my workshop attendees from a session we did in Colorado passed a great story along to me.  A couple of key points here:

–          This story covers a crime committed against Family First Credit Union in Orem.

–          Over a million dollars was siphoned off over the a year’s time

–          The criminal – their IT outsource company;  however, this time it was  a principle of the company

–          The criminal “Would not have been caught”, if the financial person at the IT provider company had not come forward with evidence.

A couple things we should take away from this.

–          First, if you’re providing IT services, make sure you’re company is doing background checks on consultants before hiring them.  Also hire people of outstanding character.

–          Many smaller companies have one IT person (maybe two) who has access to everything.  If they know what they’re doing, they can siphon off money just like this man.  Once they understand the system, they have the rights, it’s not hard.

–          Every company should have controls in place that detect data leakage and misuse.

Check out the full story here: http://www.heraldextra.com/content/view/305595/18/

In another article I received this morning (it’s Friday morning here) from a colleague at Reclamere,  a study showing how often internal people rip off their employers when things aren’t going well.  The study shows that well over half of those asked, admitted that they have taken data, corrupted systems, or committed some type of cybercrime against their employer after being passed up for a promotion, not receiving enough of a raise, or let go.  Read more at http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1356147,00.html