Fraud happens. It is present in every organisation. External attacks and internal fraud have become a fact of life and no longer something to be ashamed of. Digital security incidents are likely to occur at some point in any organisation. Even when systems are fully protected and designed correctly, history has shown that trusted internal employees may cause incidents by accident or with malicious intent. Therefore, it is crucial to prepare for such incidents before they occur.
At such a moment, speed of reaction is crucial. The earlier you react and call in the experts, the smaller the damage. Not only is the impact smaller, but while the traces are still hot the chances of finding and prosecuting the fraudsters are at their highest. However, we often encounter weak responses to fraud incidents, e.g. emotional reactions, delays caused by internal discussions about responsibilities, and internal investigations conducted without knowledge of the legal pitfalls. In addition, we often find that many organisations do not even have appropriate mechanisms in place to detect fraud early enough, before major harm is done.
Deloitte’s Acceptable-Use Diagnosis assesses how your employees are using and accessing data, with the goal of detecting undesirable behaviour. This helps to build an Acceptable-Use Policy that lays out the desired behaviour. This policy specifies who can access SAP functions and data, and under which conditions. These conditions may specify that the employee must actually be at their desk, must not be connected via a VPN, may only do so during working hours, must not be logged in as a privileged user when entering production data, etc.
Deloitte helps deploy specialised software, such as that from Aprico and Consul, to collect access logs from operating systems, firewalls and routers, databases, mainframes, access control systems, etc. The software determines the activities of users on the different systems and correlates them in order to monitor who is accessing what, through which systems and at what time. Any deviation from the expected behaviour becomes an incident that can be handled through an incident management process, of which Deloitte professionals have long and broad experience.
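The correlation described in the two paragraphs above, reduced to a small Python script as an added example; it is not part of the original text and not code from Deloitte, Aprico or Consul. It assumes three constructed log sources (a badge/access-control system, a VPN gateway and an SAP audit log, all in an invented one-line-per-event format) and encodes the policy conditions named above: production access only during working hours, only from a desk (a recent badge-in), never over a VPN, and never as a privileged user when entering data. Each deviation becomes an incident record that an incident management process could pick up.

```python
"""Toy acceptable-use monitor: correlate access logs from several systems
and turn every deviation from the policy into an incident record.
All log lines below are constructed for illustration; the line formats
are assumptions, not those of any real product."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# --- Constructed sample logs (not real data) ---
BADGE_LOG = [  # physical access control: who badged into the office, and when
    "2024-03-04T07:55:00 badge-in alice",
    "2024-03-04T08:40:00 badge-in carol",
]
VPN_LOG = [  # VPN gateway: session start/end per user
    "2024-03-04T09:00:00 vpn-connect bob 10.8.0.12",
    "2024-03-04T09:30:00 vpn-disconnect bob 10.8.0.12",
]
SAP_LOG = [  # SAP audit log: time, client, user, role, action
    "2024-03-04T09:15:00 PRD alice standard post_entry",
    "2024-03-04T09:20:00 PRD bob standard post_entry",
    "2024-03-04T22:10:00 PRD carol standard post_entry",
    "2024-03-04T10:05:00 PRD dave standard post_entry",
    "2024-03-04T11:00:00 PRD carol privileged post_entry",
    "2024-03-04T11:30:00 PRD carol privileged display",
]

# --- Policy parameters (assumed values) ---
WORK_START, WORK_END = 8, 18          # working hours: 08:00 up to 18:00
BADGE_VALIDITY = timedelta(hours=10)  # a badge-in counts as "at desk" for 10 h
PRODUCTION_CLIENT = "PRD"             # only production access is policed here


@dataclass(frozen=True)
class Incident:
    when: datetime
    user: str
    rule: str
    detail: str


def _ts(text: str) -> datetime:
    return datetime.fromisoformat(text)


def parse_badge(lines):
    """Return user -> list of badge-in timestamps."""
    badges = {}
    for line in lines:
        when, event, user = line.split()
        if event == "badge-in":
            badges.setdefault(user, []).append(_ts(when))
    return badges


def parse_vpn(lines):
    """Return user -> list of (start, end) sessions; open sessions end at datetime.max."""
    sessions, open_sessions = {}, {}
    for line in lines:
        when, event, user = line.split()[:3]
        if event == "vpn-connect":
            open_sessions[user] = _ts(when)
        elif event == "vpn-disconnect" and user in open_sessions:
            sessions.setdefault(user, []).append((open_sessions.pop(user), _ts(when)))
    for user, start in open_sessions.items():  # still connected at end of log
        sessions.setdefault(user, []).append((start, datetime.max))
    return sessions


def parse_sap(lines):
    for line in lines:
        when, client, user, role, action = line.split()
        yield _ts(when), client, user, role, action


def at_desk(user, when, badges) -> bool:
    """True if the user badged in within BADGE_VALIDITY before this access."""
    return any(timedelta(0) <= when - b <= BADGE_VALIDITY for b in badges.get(user, []))


def on_vpn(user, when, sessions) -> bool:
    return any(start <= when <= end for start, end in sessions.get(user, []))


def evaluate(badge_lines, vpn_lines, sap_lines):
    """Correlate the three sources and return one Incident per policy deviation."""
    badges, vpn = parse_badge(badge_lines), parse_vpn(vpn_lines)
    incidents = []
    for when, client, user, role, action in parse_sap(sap_lines):
        if client != PRODUCTION_CLIENT:
            continue
        if not WORK_START <= when.hour < WORK_END:
            incidents.append(Incident(when, user, "outside_working_hours", f"{action} at {when.time()}"))
        if on_vpn(user, when, vpn):
            incidents.append(Incident(when, user, "production_access_over_vpn", action))
        if not at_desk(user, when, badges):
            incidents.append(Incident(when, user, "no_badge_in_record", "no badge-in within validity window"))
        if role == "privileged" and action == "post_entry":
            incidents.append(Incident(when, user, "privileged_user_entered_data", action))
    return incidents


if __name__ == "__main__":
    for inc in evaluate(BADGE_LOG, VPN_LOG, SAP_LOG):
        print(f"{inc.when} {inc.user:6} {inc.rule:30} {inc.detail}")
```

Run against the constructed logs, the script raises nothing for alice (badged in, at her desk, in hours) and six incidents for the others: bob posts over the VPN without a badge-in, carol posts at 22:10 long after her badge-in expired and later posts an entry while privileged, and dave has no badge-in at all. The rules are evaluated independently, so one access can produce several incidents; keeping them separate makes it easier for the incident handler to see exactly which condition of the policy was broken.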
And when fraud does happen, Deloitte can provide a conclusive investigation of all activities. These incident response services analyse the computer fraud, determine its cause, contain the incident and prevent its effects from spreading. Our computer forensics services safeguard data from SAP and any other relevant system, and even analyse unallocated disk space. Deloitte may also involve its registered forensic auditors to interview members of staff and to further investigate bank account transactions or accounting entries. This way we can provide legal, finance and tax assistance in the actual litigation against external fraudsters and in maximising the recovery of monetary losses, while still observing data privacy.