Business leaders are under constant pressure to protect their companies’ assets from external and internal thieves, especially low-grade workers who may help themselves to things that don’t belong to them. Sadly, this misconception often saves the company money lost to pilfered stationery, but costs much more when the real thieves – top managers – strike.
“Middle and senior managers are often assumed to be honest and above suspicion when it comes to the risks of internal theft and fraud,” states Amir Lubashevsky, executive director of Magix Integration. “The opposite is actually true. The biggest threat to business comes from the higher management levels.”
Lubashevsky offers the following ten facts all companies should know about their senior management.
* Middle and senior management commit most cases of serious fraud because it is so much simpler for them to access the needed information and areas of the business.
* Senior management can get their hands on sensitive information simply by asking for it. Who is going to refuse to give a senior member of staff the latest accounting data or a list of new customers?
* Authority figures can simply ask for data without justifying their requests. Who will point out to them that they don’t have permission to see or take the data away?
* Senior managers are more familiar to the outside world and are therefore targets for social engineering swindles.
* Senior management do not generally have enough technical knowledge to understand the risks they expose the organisation to when using PCs, laptops and mobile technology. Nor do they understand the danger of social engineering and blowing their own trumpets to strangers.
* Senior managers are forced to trust other “smart people” to give them the information they need to do their jobs. They generally have no idea of how to verify the accuracy of the information.
* Due to workloads, managers tend to delegate sensitive work to people who don’t understand its importance and can compromise security. Alternatively, they blindly delegate to those with a good understanding of it and are planning to exploit it for personal gain.
* How many managers have loud, uncensored cellular conversations or access confidential information via laptop in public places, such as airports or restaurants? While they may feel very important, they are also leaking information to anyone in the vicinity.
* Senior management feel they are too important to suffer restrictions they impose on other people. Their egos expose their organisation to severe security risks by not limiting their access to only what they need.
* While we think lower ranks are the job hoppers today, senior management jumps ship more often than any other level of employee. Moreover, they take large amounts of information with them, some of it very sensitive, with no control over how it is used.
Society tends to assume that managers are above the masses in terms of ethics and trustworthiness, says Lubashevsky. The reality is that management has access to valuable information and assets and is there for a target for criminal syndicates as well as its own greed. Failure to implement the appropriate risk mitigation measures to protect a company from senior staff members that give in to temptation will lead to losses, possibly even the loss of the business.