3 paragrapghs and 3 references per discussions
Answer this question
Locate the video titled Protecting Data and Intellectual Property on the ACFE website at http://www.acfe.com/vid.aspx?id=4294987506 and post your comments regarding how easy it appears to be to obtain data from employees. How would you prevent this from happening in your past, current, or future workplace? Discuss your ideas with at least 1 other classmate.
In the video, Protecting Data and Intellectual Property, Mr. Gill spoke about several methods of obtaining data from employees. The one that struck me was the cloud because everyone uses some form of the cloud to store both personal and professional data. Mr. Gill put it into perspective when he stated, “That information can now be downloaded and used by whoever I give access to” (Gill, 2015, 3:25). Many employees do not realize how dangerous it could be if they allow access to company files stored on the cloud. In my current position within the school district, I have come to realize just how much data, documents, and files are stored on Google Drive. Rest assured that there is no personal student, family, or personnel information stored on the drive. But much like with a company, the “business” of a school may be on there and could be used or changed without their knowledge or direct permission.
A breach of digital data is the same as any other fraud and requires a tightening of controls. “Stricter due diligence or control procedures can enhance fraud prevention” (Gannaway, 2013, p. 12). With the possibility of thousands of employees gaining access to files stored on the cloud, due diligence and internal controls is a top priority. Obviously password access must be granted but then personnel usage and viewing must be monitored closely. Limiting employees to only the files necessary for them to perform their duties is another control to aid in prevention. Segregating the duties of how files are put onto the cloud, accessed, used, edited, etc. will do much the same as it does in a traditional office setting in preventing fraud.
Another control that seems to get overlooked is the implementation of a code of conduct. “Creating a code of conduct that defines acceptable business practices, along with conducting annual (or more frequent) entity-wide training sessions, can go a long way toward establishing a low-tolerance atmosphere and keeping borderline fraudsters from acting on their impulses” (Gannaway, 2013, p. 12). Simply putting a code of conduct into place is not enough to prevent fraud without employee training and education. When employees are aware of what constitutes fraud or unacceptable conduct and the consequences of such actions they are more likely to steer clear of fraudulent behavior. Educating employees on the proper way to handle seemingly normal inquiries and requests as well as the red flags of a scam will not only help fight fraud in their professional life but their personal as well.