Don’t open the door to fraud
Security access that gives you data immediately can be convenient. However, easy access also means greater risks for fraud and easier access for cybercrimes.
State agencies are expected to implement internal controls that prevent fraud and data risks (such as being able to encumber and pay, or access to sensitive data not needed for a role). Take these actions steps to help keep your data secure.
ACTION STEPS:
- Restrict the level of access to only what is absolutely necessary to perform a role
- Ensure segregation of duties that prevent staff from being on both sides of transactions (ability to approve vendor and pay; ability to order goods/services and approve invoices)
- If additional access to data is needed, or you have limited staff who perform multiple functions, have a process to have separate review prior to approval
- Ensure that you have monitoring in place (system and people) to identify anomalies, fraud and cyber incidents
See our CTR Cyber page for more cybersecurity internal controls and our contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.