fourteen years in the information technology industry.Read more
fraud library is your first stop to find free research.
Read more 
Read more Press Release - Layoffs? Watch Out.
eCommerce Fraud Consulting Services
News Feeds, events and Seminars
For more information on our articles contact us at blog@fraudpractice.com.
 |
Layoffs? Watch Out.
Don't learn the hard way about what a disgruntled employee is capable of doing.
Red Bank, Feb. 2/The FraudBlog Newsletter/- While it isn't easy to do layoffs and it is uncomfortable for most managers to perform; don't let your discomfort be the cause of a potential hack or malware attack from a disgruntled employee. As ZDNet's Larry Dignan reported, Fannie Mae almost learned the hard way what a disgruntled employee could do to a company. In this case a contractor, who had root access to their servers, was let go recently but his root level access was not removed. This individual planted malware that would have shut down all of their systems. The impact would have been enormous.
The following is not intended to be a complete list. It is a starting point for managers to start thinking about protecting their company's exposure in the sensitive area of payments and fraud. If you are letting people go that work in your payments and fraud departments you should consider:
- (Prior to them being notified) - perform an access assessment of the individual:
- What access did they have to sensitive data?
- How much do they know about your fraud settings and controls?
- Are they aware of weak spots in your systems?
- (When you notify them) -perform a formal notification:
- Remind them of confidentiality agreements and their obligations.
- Have them sign off on the access assessment.
- Shut off their access to any corporate systems that have sensitive data or are a part of payment processing.
- (After they have left) - perform audits:
- Look at anything they may have accessed in the weeks leading up to their departure for signs of abuse, misuse or unauthorized access.
- In the event of a hack, malware attack or complaint of credit card data breach, you should perform a cursory review of these personnel as part of your investigation.
About The Fraud Practice
The Fraud Practice is a privately held US LLC based in Red Bank New Jersey. The Fraud Practice provides consulting services on eCommerce payments, fraud prevention and credit granting. Businesses throughout the world rely on The Fraud Practice to help them build and manage their fraud and risk prevention strategies. Utilizing best practices and leveraging key partnerships, our team of industry and technical experts offer customers a single source for learning how to design, deploy, review and integrate fraud prevention practices in their business processes and solutions.
Mr. Montague is the founder and President of The Fraud Practice and has spent the last fourteen years working in the eCommerce space, and is well respected for his business knowledge and thought leadership. His background includes an in-depth application of innovative solutions for preventing business to business and business to consumer e-commerce fraud. Prior to founding The Fraud Practice he held positions as the Director of Risk Solutions at CyberSource Inc. and National Principal at IBM Global Services.
Contact:
David Montague
President and Executive Consultant
The Fraud Practice LLC
Toll Free: +1 888 227 0402
Join our mailing list to get your free copy of our bi-weekly "The FraudBlog Newsletter ™"
Property of The Fraud Practice, all rights reserved, no unauthorized duplication, reproduction or distribution without the express written permission of The Fraud Practice.