CompTIA PenTest+ | Preventing Unauthorized Activities in the Accounting Department

Question

A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account.

The penetration test was immediately stopped.

Which of the following would be the BEST recommendation to prevent this type of activity in the future?

Answers

A. Enforce mandatory employee vacations
B. Implement multifactor authentication
C. Install video surveillance equipment in the office
D. Encrypt passwords for bank account information

Explanations


B.

The best recommendation to prevent an employee from redirecting money into a personal bank account is a combination of controls that address the root cause rather than the symptom. The root cause here is that a single person with legitimate access could both change where payments go and let those payments be released without anyone else reviewing the change.

Option A, enforcing mandatory employee vacations, is a recognised anti-fraud control: a scheme that depends on one person continuously adjusting records tends to surface when a colleague has to cover that role for a week or two. On its own, however, it is a detective control that works only if someone else actually performs the duties during the absence; it does not stop the redirection from happening in the first place.

Option B, implementing multifactor authentication, protects against stolen or shared credentials. It does nothing against an insider who logs in with their own legitimate credentials, as this employee did, so it would not have prevented the activity.

Option C, installing video surveillance equipment in the office, is a physical deterrent and a source of evidence after the fact. A camera cannot see which beneficiary account was edited inside the payment application, so it neither prevents nor reliably detects this kind of fraud.

Option D, encrypting passwords for bank account information, protects stored credentials at rest. It is irrelevant to an authorised user who is already inside the payment system and is changing payee details through the normal interface.

Therefore, the best recommendation is a combination of controls that address the root cause. This might include:

  1. Implementing separation of duties and least-privilege access in the payment system, so that the person who can change a payee's bank details cannot also approve payments to that payee, together with logging and alerting on every beneficiary change.

  2. Implementing regular security awareness training for employees, covering the warning signs of insider fraud and the consequences of fraudulent activity.

  3. Establishing policies and procedures for reporting suspicious activity and investigating potential fraud, including mandatory vacations or job rotation so that a second person periodically performs each sensitive role.

  4. Conducting regular audits of the payment system and financial records, for example reconciling vendor bank-detail changes against the approval log and against employee payroll accounts, to identify anomalies and potential fraud.

By implementing these controls, organizations can reduce the risk of insider threats and prevent fraudulent activity like redirecting money into a personal bank account.
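The monitoring and audit controls listed above can be demonstrated with a small script that runs over a payment-system audit trail. The following is an added example, not code from the original page or from any real payment product: the log format, user names, vendor IDs and account numbers are all constructed for illustration. It flags two signatures of the scenario in the question: the same user both changing a vendor's bank details and approving a payment to that vendor (a separation-of-duties violation), and a vendor's bank account being changed to an account that also appears in the employee payroll register.

```python
"""Audit checks for payee bank-detail changes in a payment-system log.

Added example with constructed data; the 'ts key=value ...' line format,
the users, vendors and account numbers are assumptions, not a real system.
"""

from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events: timestamp, acting user, action, vendor, details.
AUDIT_LOG = [
    "2024-03-01T09:12:00 user=jdoe action=VENDOR_BANK_CHANGE vendor=V-1042 old=GB11BANK00000011112222 new=GB22BANK00000099998888",
    "2024-03-01T09:40:00 user=jdoe action=PAYMENT_APPROVE vendor=V-1042 amount=48200.00",
    "2024-03-02T14:05:00 user=asmith action=VENDOR_BANK_CHANGE vendor=V-2210 old=GB33BANK00000055556666 new=GB44BANK00000077778888",
    "2024-03-03T10:30:00 user=bjones action=PAYMENT_APPROVE vendor=V-2210 amount=1250.00",
    "2024-03-04T16:45:00 user=asmith action=PAYMENT_APPROVE vendor=V-3001 amount=900.00",
]

# Constructed payroll register: employee -> account their salary is paid to.
PAYROLL_ACCOUNTS = {
    "jdoe": "GB22BANK00000099998888",
    "asmith": "GB55BANK00000012341234",
    "bjones": "GB66BANK00000043214321",
}

# Assumed review window: a change followed by an approval within this
# period by the same person is treated as a separation-of-duties breach.
SOD_WINDOW = timedelta(days=30)


def parse_event(line):
    """Parse one 'ts key=value ...' audit line into a dict."""
    ts, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def separation_of_duties_violations(lines, window=SOD_WINDOW):
    """Return (user, vendor) pairs where one user both changed a vendor's
    bank details and approved a payment to that vendor within `window`."""
    events = [parse_event(line) for line in lines]
    changes = defaultdict(list)  # (user, vendor) -> timestamps of changes
    for e in events:
        if e["action"] == "VENDOR_BANK_CHANGE":
            changes[(e["user"], e["vendor"])].append(e["ts"])
    findings = []
    for e in events:
        if e["action"] != "PAYMENT_APPROVE":
            continue
        key = (e["user"], e["vendor"])
        for change_ts in changes.get(key, []):
            if timedelta(0) <= e["ts"] - change_ts <= window:
                findings.append(key)
                break
    return findings


def payroll_account_collisions(lines, payroll):
    """Return (user, vendor, employee) triples where a vendor's new bank
    account is identical to an employee's payroll account."""
    by_account = {acct: emp for emp, acct in payroll.items()}
    findings = []
    for e in (parse_event(line) for line in lines):
        if e["action"] == "VENDOR_BANK_CHANGE" and e["new"] in by_account:
            findings.append((e["user"], e["vendor"], by_account[e["new"]]))
    return findings


if __name__ == "__main__":
    for user, vendor in separation_of_duties_violations(AUDIT_LOG):
        print(f"SoD violation: {user} changed bank details and approved a payment for {vendor}")
    for user, vendor, emp in payroll_account_collisions(AUDIT_LOG, PAYROLL_ACCOUNTS):
        print(f"Payroll collision: {vendor} now pays into {emp}'s salary account (changed by {user})")
```

In the constructed data the first check fires for jdoe on vendor V-1042 and the second check shows that V-1042's new account is jdoe's own payroll account; asmith's change to V-2210 is not flagged because a different user approved the payment and the new account matches no employee. In a real deployment the separation-of-duties rule would be enforced by the application's role model so that the approval is refused outright, with this kind of query kept as the periodic audit that confirms the control is working.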