While our focus and forces are being concentrated on the enemy without, we must always be ready for the enemy within.
Hackers in distant countries can steal 100 million identities in an afternoon, but your employees already know your secrets. Telstra was put in the spotlight by one simple, clever scam run out of a classic Call Centre operation. They are definitely not alone.
Like many telcos, Telstra had moved some of their Call Centre operations offshore – in this case to the Philippines. Some of the Call Centre staff, with full access to the billing systems, tracked down customers with bills of more than AU$1,500. And made them an offer.
For a fee that was far less than the outstanding bill, the staff member would adjust the customer’s balance to zero. The system would record that the bill had been paid, and the employee would pocket AU$600 or so. If the customer hesitated, the fraudster might reduce the customer’s outstanding amount by, say, AU$50, thus proving he or she had the access and capability to do it. Communication with the customer invariably took place via mobile phones and often by text.
A year before this scam came to light, Telstra had sacked hundreds of employees for a similar but lower-value fraud. The claim that it was now over and could never be repeated was proved wrong by the new, higher-value scam.
The real question is how telcos, banks or any organization where employees have access to systems such as billing and payments can protect themselves.
Vet employees better? Of course.
Monitor screens and calls? Sure.
But the truth is that clever people will find ways round it. The only real solution is a culture of trust that permeates the organization, one that incentivizes people to watch for and report the bad pennies.
As an old friend and security guru, Charles Brookson, always says, ‘who will guard the guards?’ Except he used to say it in Latin.
It was a good point 20 years ago and it is a good point now. And while we spend our energies keeping up with distant electronic enemies, we must never forget how vulnerable we are to attack from within.