Ask the Expert

Is it important to hold fraud-training sessions during a fraud-risk analysis?

We are in the process of performing fraud risk assessment. As part of this assessment, is it imperative/important to hold fraud-training sessions? If so, what should these sessions emphasize?

    Requires Free Membership to View

Holding fraud-training sessions is definitely not imperative. To the contrary, I think it's a bad idea to do training in the middle of a risk assessment.

The purpose of the risk assessment is to figure out how vulnerable systems are to fraud. Begin by determining a baseline relative to current activities, so that new processes and procedures can be put in place to more effectively deal with fraud.

Training employees in the middle of the assessment runs the risk of compromising the data gathered during the risk assessment. There will be plenty of time for training later, but during the assessment is the time to uncover and categorize those risks, so the organization can determine what needs to be done most urgently.

To be clear, fraud training is absolutely critical to fraud reduction efforts, but after the assessment is complete. When that time comes, focus on helping employees understand both what is considered private data and intellectual property (presumably the data that needs protection), as well as recognize typical attacks (mostly social engineering and other fraud attacks).

A helpful site to look at when starting a training program is PhishMe.com. This site automates the sending of phishing emails to employees and tracks whether they fall for the ruse. It can also test employees over time to see if educational and training efforts had a positive effect on their ability to deal with the fraud.

More information:

This was first published in May 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: