
Carry out a database audit to deter fraud

Many organizations are paranoid about security. They think that their main business risk is hackers from outside. They do not trust outside service providers, such as cloud services, or external consultants. They do not realize that their biggest risk is their own employees.

The employees could steal money (like in this case) or sell sensitive data to outsiders (as has happened at DBS Bank in Hong Kong).

The employees can also take company secrets with them when they move to a competitor.

Companies should adopt a new paradigm in the way they see this kind of risk. They should allow outside consultants or auditors to access and audit their database. They should not simply trust their staff and give them exclusive access to the database.

I suggest that an external consultant be approached to carry out a database audit at annual or more frequent intervals. If the external consultant can access the database, the internal staff will be deterred from committing this kind of fraud, as there is a risk of being detected.

To protect the confidentiality of the data, the names and identification of the customers can be masked when the database is sent to the external consultant. The consultant is required to sign a confidentiality and privacy document.
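
One way to do the masking described above, as an added example that is not part of the original article: each customer name and identification value is replaced with a keyed token (HMAC-SHA256), so the consultant can still see that two transactions belong to the same customer without learning who that customer is. The column names, sample rows and key below are assumptions constructed for illustration.

```python
import csv
import hashlib
import hmac
import io

# Constructed sample rows standing in for an exported transaction table.
SAMPLE_CSV = """txn_id,customer_name,customer_id,amount,approved_by
1001,Alice Tan,ID-0001,250.00,staff07
1002,Bob Lee,ID-0002,9800.00,staff03
1003,Alice Tan,ID-0001,9900.00,staff03
"""

# Columns to mask before the export leaves the company (assumed names).
SENSITIVE = ("customer_name", "customer_id")


def pseudonym(value, key):
    """Return a deterministic keyed token for one sensitive value.

    A plain hash of an ID number can be reversed by hashing every possible
    ID; a keyed HMAC cannot be recomputed by anyone who lacks the key.
    """
    normalized = value.strip().upper().encode("utf-8")
    digest = hmac.new(key, normalized, hashlib.sha256).hexdigest()
    return "C-" + digest[:16]


def mask_export(csv_text, key):
    """Mask the sensitive columns and leave everything else untouched,
    so amounts and approvers remain available for the audit."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for col in SENSITIVE:
            row[col] = pseudonym(row[col], key)
        rows.append(row)
    return rows


if __name__ == "__main__":
    # Demo key only; the real key is generated in-house and never sent out.
    demo_key = b"constructed-demo-key"
    for masked in mask_export(SAMPLE_CSV, demo_key):
        print(masked)
```

The key stays with the company. If the consultant flags a token, the company can recompute tokens for its own customer list to find the matching customer.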