How poor Access Management in your information systems can lead to fraud

May 29, 2019
KPMG

Information systems fraud is about as high a set of stakes as you can get. Millions of dollars can be lost over time, as some historical examples have shown us. Also, should you be found out of compliance with regulations, resulting legal action from clients and governing bodies can add fees and fines to the financial burden.

Because of this, it is important for all businesses to identify potential pain points for fraud. One of the more surprising areas of opportunity for this is poor access management. Here is how this can play out.

The road to fraud

Bad or outdated access management systems, lacking the speed and capacity to catch malicious elements, can lead to fraud potential. For example, if someone was to obtain a CEO’s device and use it to access his email, an up-to-date access management system would alert a team of any suspicious activity. Access from a suspicious time zone or location would result in an instant red flag. Older access management systems, while providing this information, often lack speed and urgency. This means that sensitive information could already be compromised before the breach is common knowledge.

Another path to fraud is using an access management system without proper segregation of duties. One of the easiest ways to minimize fraud is to make sure as few people have access to sensitive data or finances as possible. Some legacy systems lack the means to do this and cannot track users with past violations within the system. This can make it more difficult to pinpoint suspicious activity.

Improving your Access Management

With there being so much to lose, what can professionals in the field do to improve their access management? You can start by centralizing your approach. Growing businesses should especially pay attention to this, as it is more likely that they are adding more and more devices to the network. More centralization not only helps with security, but also makes for a more user-friendly experience.

Equally important is taking the time to phase out legacy systems. This can be a headache for companies which have them embedded in their workflow, but ultimately, these systems are going to have areas of vulnerability that never really go away. It is still probably worth it to try and upgrade regardless. Many of these legacy items may lack the compatibility with other modern options you intend to implement.

Perhaps the most important thing is making sure that you have a reliable access management software solution. You need to be able to have something that matches the compliance needs of your industry, while providing optimized functionality. Sofy is a perfect match.

The KPMG Sofy Suite is built on advanced data solutions to help companies make stronger business choices, raise their efficiency, and mitigate risk in their decision-making.

Do you want to learn more? Or do you have any questions, please let us contact you.