RE: Fraud Prevention Training
February 22, 2018

Post

Dear Colleagues,

The Office of Information Security recently worked with the Internal Auditor to include the following subject matter into the institution’s Fraud Prevention Training.

Sharing Passwords

  • Do not share you LBCC password with anyone. Doing so is a violation of LBCC AR 6006 and may be subjectable to both civil and criminal liability.
  • Can lead to unauthorized access to protected data.
    • The CIA Triad (Confidentiality, Integrity and Availability)
    • Confidentiality: Ensuring that information is accessible only to those authorized to have access.
    • Integrity: Safeguarding the accuracy and completeness of information and processing methods.
    • Availability: Ensuring that authorized users have access to information and associated assets when required.
  • Compromises Internal Controls.
    • Access to PeopleSoft, TARS, other systems is restricted to employee classifications with clearly defined duties.
    • By sharing passwords, the employee receiving your password could have access to security clearances they shouldn’t have (timesheet approvals, invoice approvals, etc.)
  • Can lead to fraudulent activity.
    • Approval of time not worked.
    • Approval of unauthorized purchases.
    • Conflict of Interest.
    • Power over employees (ability to gain cooperation under threat of duress.)

Thanks to Bob Rapoza for incorporating Information Security Standards into Fraud Prevention Training, and providing real-world examples to explain their impact.