Wipro Finds $4 Million Fraud by Employee-The spill over effect.
It is common knowledge by now that a $4 Million Fraud has been discovered by Wipro in their books.
Right now, there is very little public information about the modus-operandi or the number of employees involved or the time period.
Of course, it is understandable that Wipro would not like to disclose more about this incident. Otherwise, this might encourage a similar type of incidents in other Organisations too.
Like it or not, today’s world is driven by computers, with the LOGIN ID and PASSWORDS being omnipresent.
Hence, in any Organization, it is important that adequate care be taken with LOGIN ID and PASSWORDS.
It is important to note that the fraud was committed in a IT Organization and not a Financial Institution.
I am not going into the
01) The modus operandi of this incident.
02) What Wipro need have done, to prevent such an incident?
There are far more competent people than me, to address the above issues.
What I am interested is what can be done to prevent such incidents in any Organization, be it IT, Finance, Oil, etc.
There are a large number of companies in this world, whose Balance Sheet is equal/more than Wipro’s.
This means such incidents can occur in any Organization, as long as the crooks find easy money.
What is NOT the Solution:-
01) Educating employees that sharing of Login Id’s and Passwords is wrong.
Let us accept the fact that in today’s environment, sharing of Login ID’s and Passwords is the rule, rather than the exception.
Than what is the Solution:-
In my view, the following measures will reduce the number of fraudulent incidents.
Critics might say that lots of money is involved in the measures, but than if the Money spent is less than the potential loss, it is better to spend the money.
01) Have a minimum number of Applications/Software Programs, which have access to the Organization’s monies.
I know an institution, in which the users for their routine operation had to remember 17 Login Id’s and the corresponding passwords!!
So you cannot blame the users for having a single login id and password for all the 17 Applications/Software Programs.
02) All the routine Applications/Software Programs are linked to the HR Applications/Software Program.
The process flow could be as follows:
a) Employee logs into the HR Application.
b) On sign in HR Application,(attendance register) the access to all other Applications should be activated.
c) In case of meetings or other work during the office timings, if the employee has to be away from his desk, he will log into the HR Application, and tick the Out of Desk option. This should block access to all the other Applications, till the employee, unticks the Out of Desk option in the HR Application.
d) When an employee is on leave, the same should be updated in the HR Application, and during the leave period, access to all other Applications is to be blocked.
This means HR Application will be the all-pervading Application in the Organization.
In fact this can be new business opportunity for IT Companies.
No comments:
Post a Comment