Firms lax on fraud prevention

Companies are failing to take the most basic precautions to stem a rising tide of computer fraud and abuse, according to a recent report from the Audit Commission.

The commission survey of 900 public and private sector organisations, found 45% suffered from computer fraud and abuse – up nearly 10% from four years ago. Losses from fraud climbed to #35,000 per incident last year from #28,000 in 1994.

Virus infection heads the list of computer abuse, costing an average of #1,700 to put right. Corporate hacking is also spreading fast, with reported incidents trebling.

But this fraud is not usually the work of IT sophisticates. The survey reveals over half of detected frauds occur due to a lack of basic controls and are only found by accident.

The report stressed that basic safeguards such as anti-virus software costing as little as #25 per PC can largely avoid costly IT headaches.

It also recommended establishing a data security policy, improving staff awareness on IT issues and making one person responsible for internal anti-fraud measures and regular internal audit procedures.

‘Organisations are increasingly dependent on IT,’ said Andrew Foster, controller of the Audit Commission. ‘The issue deserves greater manager attention in order to prevent further losses to the public purse.’

Peter Cooke, head of risk management services at Coopers & Lybrand, echoed the commission’s concerns. ‘We’ve looked across a whole range of surveys and have been surprised at the seniority of people committing fraud for relatively small amounts,’ he said. ‘Why would someone with a company for 20 years commit a fraud of #2,000?’

Cooke said firms need to guard against suspect investment schemes marketed over the Internet. ‘It’s hard to get any money back from fraud investigation,’ he warned.

Related reading