For over 25 years, Haystax has been the provider of world-class commercial software products for direct use by individuals in the agencies charged with protecting our communities, cities, and country. Thus, our product is one of the most widely deployed risk management software solutions, used by school, law enforcement, fire, emergency management, and other government agencies across the United States.

Image module

Haystax for School Safety

Haystax meets the constantly evolving challenges of providing safe learning environments for students, faculty, staff, and local security partners by integrating all vital incident and school facility information into a single, online platform.  Physical assessments and behavioral assessments along with the ability to report and monitor incidents on or near campus are hallmarks of Haystax for School Safety.  Know your threats sooner, respond faster, and effectively coordinate actions for all stakeholders.

Image module

Haystax for Public Safety

Law enforcement professionals are called upon daily to perform a broad range of tasks—from routine patrols, intelligence gathering and investigations to major crime and incident responses. Their challenge is to ensure public safety despite incomplete intelligence, limited cross-jurisdictional information sharing, and tight budgets. Haystax helps law enforcement agencies prepare for and respond to any crisis with a dynamic picture of emerging threats, rapid  intelligence-collection and incident-reporting tools, and a seamlessly integrated user environment that  ensures maximum collaboration and analytically sound command decisions for rapid response.

Image module

Haystax for Enterprise Security

Haystax has developed a suite of applications designed specifically to help corporate security decision-makers and analysts navigate this challenging environment. Haystax alerts corporate leaders to their most likely threats and natural hazards, provides critical security and operational information about each physical facility, regardless of its size or geographic location, and allows risk managers to identify and mitigate their biggest vulnerabilities. Moreover, the Haystax platform enables security teams to manage incidents and major events—from the ops center or out in the field.

Equipped with these insights, CSOs can better anticipate their risks, communicate with leadership and limit their company’s exposure to financial, legal and reputational liabilities.

PrevHaystax Named to Regional Innovation List03 January 2019NextThe Parkland Tragedy, One Year Later14 February 2019

Small Businesses Most Vulnerable to Insider Fraud

January 31, 2019
Fraud

Employee fraud and abuse cost companies roughly 5% of their annual revenues on average, but small companies suffer disproportionately higher losses due to their trusting cultures and the relatively broad autonomy enjoyed by their executives and employees.

That’s the conclusion of a recent Forbes article, which noted that small businesses with 150 employees or less are the most vulnerable to fraud, “because they lack appropriate internal controls and owners lack awareness of the risks their companies face from insider threats.” The most common fraud types it found were check tampering, payroll and billing schemes and expense padding.

Discovering such fraud after the fact is hard enough; identifying it beforehand may seem altogether impossible, especially to a smaller company with limited resources.

But there is a way. The article’s author also highlighted a recent study by the Association of Certified Fraud Examiners (ACFE), which found that: “Individuals who are engaged in occupational fraud schemes often exhibit certain behavioral traits or warning signs associated with their illegal activity.”

ACFE’s list of 17 so-called ‘behavioral red flags’ makes for very interesting reading, especially the six most common: (1) living beyond one’s means; (2) financial difficulties; (3) unusually close association with a vendor or customer; (4) excessive control issues or unwillingness to share duties; (5) recent divorce or family problems; and (6) a general ‘wheeler-dealer’ attitude involving shrewd or unscrupulous behavior.

The Haystax for Cyber-Crime Prevention solution uses probabilistic models to analyze a laundry list of individual behaviors that are strong indicators of future fraud, and the behaviors outlined by ACFE are among the ones our models are designed to pick up.

In designing the solution, our data scientists first settled on the concept of trustworthiness as the most important relative indicator of insider risk. The less trustworthy an individual was, their thinking went, the more likely he or she would be to commit fraud, data theft, sabotage, espionage or some other harmful activity.

Working collaboratively with subject-matter experts in psychology, financial fraud, threat intelligence, criminal behavior and other related subjects, the data science team captured their insights and judgments and encoded them into a model of trustworthiness in all its forms.

Haystax software engineers then integrated this expert model into a user behavior analytics (UBA) platform that can ingest data relating to professional and personal indicators of employee trustworthiness, such as reliability, credibility, conscientiousness, financial and job stability, respect from colleagues, lack of a criminal record, etc.

Data from diverse internal company sources (HR reports, travel/expense records, network logs) and public records is applied to the model. The results — essentially a prioritized scorecard of risk across the workplace — are presented to a security analyst, who can then use Haystax’s in-built workflow tools to triage, investigate and respond to the biggest threats. Every time new data is applied, the risk scorecard is updated.

This enterprise-strength UBA tool gives our small and medium-sized business (SMB) clients a way to anticipate and mitigate all types of cyber and physical risk — including threats posed by trusted employees, vendors and contractors — regardless of whether the actors are malicious, intentionally negligent or simply unaware of their actions.

To be sure, as the Forbes article points out, there are critical policy, procedural and cultural standards that every SMB should put in place as well, from conducting fraud risk assessments to segregating financial responsibilities to cultivating a culture of integrity.

But in the spirit of ‘Trust But Verify,’ those assessments and cultural norms could benefit from being augmented with some low-cost but powerful UBA tools as a way of getting ahead of any looming insider threat.

# # #

Note: Why wait until employee fraud has hit your firm? Haystax built its Cyber-Crime Prevention solution for precisely the kinds of threats and vulnerabilities found in SMBs. Learn more about our solution here.

Related posts