Low-probability, high-impact events are something that most individuals and organizations would rather ignore. After all, chances are it won’t happen to you. Serious workplace violence events, active shooter incidents, and other unsavory threats are on the rise but it’s easier to assume it will happen to someone else. We don’t want to think about our own mortality or that of our organizations. Instead, we hope it won’t happen to us, to our employees, to our customers, or to our communities.
The ultimate goal of any security program is to manage and mitigate risks. What do we mean by risk? In its broadest sense, risk can be defined as the likelihood of loss of anything having value, including people, facilities, information, equipment, and reputation. In a sense specific to security and loss prevention, risk is the probability that a particular threat will exploit a given vulnerability, leading to an unwanted result.
Knowing your risks is the obvious first step. But what is the best approach? And where do you go from there? Here are some key considerations:
Identifying Threats
First and foremost, identifying the threats to your business is instrumental. It is likely that your institution already has experience with a number of risk factors, but it is important to understand the rate in which new threats arise. It is crucial, therefore, to monitor emergent threats targeting your industry. This can often be accomplished by reading trade publications, engaging in discussions at industry conferences and loss prevention forums, and by obtaining case studies. Also, a number of sources provide crime metrics, some of which are industry specific, and can be very beneficial in identifying threats. … Continue reading
As 2015 comes to a close, we are pleased to share our most popular articles from the Risk Management Blog in 2015.
1. 4 Red Flags of Money Laundering or Terrorist Financing
One of the most important aspects of BSA/AML compliance is the responsibility it places on regulated financial entities to report suspicious transactions. This responsibility requires an organization to be able to monitor and identify transactions, evaluate them in real time, and flag the ones that are suspicious. In many cases, a Suspicious Activity Report (SAR) should be filed with the Financial Crimes Enforcement Network (FinCEN).
2. 5 Key Components of a BSA/AML Compliance Program
You are most likely familiar with the Financial Crimes Enforcement Network (FinCEN) which is a bureau of the Treasury Department. FinCEN’s mission is “to safeguard the financial system from illicit use and combat money laundering and promote national security” through the use of financial services information.
3. The Important Role of Internal Controls for AML Compliance
It is well understood that money launderers use deceit or theft to capture the processes of financial entities for illicit purposes. As a result, your AML compliance program must implement internal control designs that increase the chances of preventing or detecting such activities.
Imagine waking up to news reporting the credit card data of 37 million people has been hacked. And then learning that among the hacked are employees of your company who used their corporate email accounts to sign up for a service that connected people for the purpose of having an illicit affair.
What goes through your mind?
Do you ask, how can people be so stupid? Or do you ask other more salient questions such as: … Continue reading
There was a time, not long ago, when the term social engineering meant the manipulation of behavior and various outcomes through public policy. It referred to political issues.
The digital revolution has led to a new meaning for the term, and it’s one you should know about: “social engineering” is a threat to data system security based on “the art of influencing people to disclose information and to get them to act inappropriately.”
In other words, it’s a con job to get people to reveal things about their passwords and related digital assets to help thieves gain access to a system or database.
The important point about social engineering is that it is another human risk factor that you need to address in your risk management plan. Your efforts to harden the computer systems in your organization against technical intrusion will be pointless if the people who have access to them are vulnerable to social engineering attacks. … Continue reading
