What the Security Manager can do to Prevent White Collar Crime

What the security manager can do to prevent white collar crime
Student:
Institution:
Professor:
What the security manager can do to prevent white collar crime
Introduction
Today’s businesses are exposed to a number of external and internal crimes that cost companies and organizations considerable amounts of money. White-collar crime is undoubtedly multifaceted and complex and there no one specific explanation or theory that could exhaustively explain every form or instance of this type of crime. Even so, white collar crime can be defined as a crime committed by an individual of respect and high status as far as profession is concerned (Croall, 2001). Technology advancement and internet use has grown globally in the recent past. Most organizations today depend on computers for day-to-day tasks, storage of data as well as internet use. People have embraced the same to their homes and kids less than five years can now use computer-related gadgets. The high computer and internet use has attracted computer related crimes like hacking, phishing, child pornography, copyright infringement and fraud among others. Various white collar crimes are committed daily in the United Kingdom and other Western countries, the range of these criminal activities being only by perpetrators imagination. Common white collar crimes include money laundering, embezzlement, bribery, insurance fraud, insider trading, and tax evasion. Others are internet/computer fraud, bankruptcy fraud, counterfeiting, credit card fraud, kickbacks, antitrust violations, healthcare fraud, mail fraud, securities fraud, trade secret theft or economic espionage, public corruption, and telemarketing fraud (Price & Norris, 2009). Some of these crimes are perpetrated on small scale, for instance when people who file for liquidation bankruptcy fail to reveal their personal assets on their petition. It could also be a single fraud that may affect the lives of many people for instance investment frauds that securities brokers may perpetrate. Those who mostly perpetrate this form of crime include managers, CEOs, executives or high-level staff members in some kind of organization or industry (Price & Norris, 2009). A lot of white collar crimes are not easy to prosecute given that those who perpetrate the crime employ highly sophisticated technological means in concealing their mostly intricate transactions (Israel, 2011). This paper critically examines what the security manager can do in order to prevent white collar crime. Scholarly sources including journal articles would be used in examining this subject matter.
In essence, white-collar crime is understood as the offenses intended to generate fiscal gain with the use of some kind of trickery and deception. In most instances, this form of crime is done by individuals who are in the corporate world who, due to their job position, can gain access to significant amounts of money that belongs to other people (Price & Norris, 2009). White-collar crime, in essence, never involves drug-related, violent, or activities that are overtly illicit. Those who perpetrate this crime are commonly involved in otherwise legal business organizations and might hold respectable ranks within the community before their fraudulent schemes are discovered (Price & Norris, 2009).
There is a fallacy amongst the general public that people who are convicted of this type of crimes are treated with leniency. In actual fact, sentences that are handed down for crimes that are purely fiscal could be even be longer compared to sentences that are handed down in cases that involve drugs or violence (Price & Norris, 2009). A critical aspect of this type of crime is the criminal’s motivation. In the twenty-first century, a lot of white collar criminal activities are being perpetrated with the use of the internet or other computer-based technology, and in most instances employing programs that are sophisticated (Israel, 2011). As a result of technological improvements, white collar crime of the coming years would have the capacity to be more anonymous and quicker than ever; this will create the opportunity for virtually the perfect crime (Israel, 2011). Cybercrime is a major white collar criminal activity. Cybercrime is not simply the wave of the future, it has already taken off. In the United States, cybercrime is currently costing its economy up to $120 billion annually and up to $1 trillion worldwide (Cohn, 2014). In 2013, prosecutors got a quick look into the future with the take down of Silk Road – a secretive website which investigators described as the most extensive and sophisticated criminal marketplace on the internet. Even though the case of Silk Road focused on the illicit drug trade, authorities discovered techniques which have the potential to turbo-charge monetary crime (Cohn, 2014).
White collar criminals perpetrate offenses which have victims whose lives are affected very much and sometimes destroyed by these crimes. People no longer view these high-profile criminals as respected and well-regarded individuals who need to be exempted from suitable punishment for the offense (Price & Norris, 2009). The public views these people as being self-centred and motivated by their greed. There is no or little tolerance for criminals who excuse their criminal behaviour by blaming their actions on their superiors’ orders or the culture of their work environment (Cohn, 2014).
How to prevent white collar crime
Use of surveillance systems is one way to monitor and control white collar crimes at workplaces (Deflem, 2008). The security manager is responsible for design and installation of these systems at critical locations in the organization especially stores. This helps to monitor who enters and leaves vital areas of the organizations (Deflem, 2008). In case an area under surveillance becomes a crime scene, the manager should be able to produce the footage to help in investigating the activities that might have taken place prior to the crime incident. Technology comes hand in hand when it comes to recording and storage of both audio and video information that is essential to supporting investigation and prosecution of culprits (Gottschalk, 2010). The security manager should enforce the use of barriers to critical areas of the organization. According to Vacca (2007), biometric equipment can be deployed at entry points and doorways to be utilized in frisking individuals who go into such critical areas like store, finance section, as well as server rooms. CCTV surveillance systems are being upgraded daily to allow inclusion of software technologies that improve facial recognition. A security manager should continually improve the systems as days go by (Vecca, 2007).
In addition to surveillance, current soft technology innovations developed are being used to fight white collar crime. These techniques include offender risk classification tools, bullying identification tools, threat assessment protocols and software programs designed to curb identity theft and data loss (Gottschalk, 2010). A security manager is responsible for conducting research about and installation of current technologies that can aid in preventing white collar crime (Vecca, 2007).
The security manager has the primary role of delivering valuable business services using information technology (IT). In order to secure these services, he/she should develop and maintain efficient processes and procedures that can support ultimate goals and objectives of the organization (Sennewald, 2011). To fight prevalent technological crimes, business systems should maintain data confidentiality, integrity, and availability. The manager should assess, resolve and maintain adequate security requirements in the organization (Ferguson, 2010). Some of the strategies to maintain security include the following: identifying necessary requirements for use in developing secure environment, determine the different types of data and level of safety required to protect the data, document security rules, identify and manage security concerns and risks and respond to security incidents timely and in the right way (Sennewald, 2011). Implementing these improves information security.
The security manager should work together with system administrators and business managers of the organization to achieve a secure working IT environment. He/she should make sure the system administrators are managing security infrastructure within the organization through the following tasks: document details of security configuration solutions, deployment of security solutions, control provision of staff access within the organization, monitor security implementation, evaluate common safety issues in systems and reporting incidences (Parker & Graham, 2011). For the senior managers of an organization to support in decision-making pertaining to security of the company’s information, the security manager should make sure the managers actually understand the role of security information. The top management must understand all the issues that surround corporate information and help in identification of valuable information assets in departments and divisions (McGraw, 2006).
Another key issue in preventing white-collar crime as far as IT is concerned is coming up with effective security programs and policies. A policy is a document outlining certain requirements that must be met by the specified group of individuals like employees in an organization (Parker & Graham, 2011). The security manager must ensure very employee in the organization must strictly adhere to the policies outlined. According to McGraw (2006), the manager needs to come up with security awareness programs to help familiarize all employees with security system. The program should include educating users on how to create strong passwords that cannot be easily hacked. Users should be enlightened on do’s and don'ts that help maintain workstations of the organization (McGraw, 2006). They should be informed on internet and email access policies as well as employee responsibility as far as computer security is concerned (Parker & Graham, 2011).
Procedures regarding reporting incidences and emergencies should be well developed. For system administrators, training should focus on how to configure systems securely, educating users on how to manage accounts and remotely accessing support systems (Karake-Shalhoub, 2010). Awareness about security should reach non-technical and business users as well. The focus should focus on identification of social engineering tactics, establishment and enforce policies to limit downtime and protection of critical business information. Emphasis must be put the impact of viruses, DoS attacks etc., on public relations and how the security standards limit such risks (Karake-Shalhoub, 2010). Apart from the training and awareness, information about tools that monitor internet and email access should be provided by the security manager to all organization staff. Without proper training, a number of employees get this attitude that security policies restrict and interfere with their work. The more the training is done on the safety, the more importance of security is understood (Roper, Grau & Fischer, 2006). The employees realize how they are protected and enabled to work more efficiently. The manager should ensure the policies are readily comprehensible. Flexible policies give the management ample time on deciding on actions to be taken in case of any misbehaviour (Roper, Grau & Fischer, 2006).
The security manager is responsible for logging and monitoring internet activity primarily to enforce the policies and protect the organization. However, the limitation that this may present is that monitoring the online or internet browsing activities of employees without their consent or knowledge may be considered unethical as their privacy may be infringed upon (Ferguson, 2010). The security manager can overcome this limitation simply by informing the company’s employees that all their internet and online activities would be monitored. Any of their worries and concerns with regard to this issue should then be addressed satisfactorily (Ferguson, 2010).
In the recent past, tools that help in filtering, monitoring and reporting are available and inexpensive to implement. Programs such as WebSweeper, Websense and SurfControl are very useful when it comes to filtering and monitoring internet activity on a network (Roper, Grau & Fischer, 2006). Filtering is achieved by creating policies to block access to specific sites that are suspiciously malicious. Different policies can be applied on the various groups or departments in order to regulate internet access during given hours of a working day (Cullen & Wilcox, 2010). These programs can generate reports about browse time, sited visited, type of sites visited, etc. Logs and stored audit trails of staff activities help the organization in creating potential evidence that can be used against disgruntled employees who may attempt any technical acts (Roper, Grau & Fischer, 2006).
Implementation of the above systems only is not enough; there should be regular auditing of the same to assess any vulnerabilities and breaches (Heil, Bennis & Stephens, 2000). External IT auditing firms are encouraged to conduct the organizations audits to avoid any flaws in ...