CSO - In almost two decades of work in the financial services industry, Brad McFarland has spent most of that time heading up fraud investigations. McFarland, currently director of corporate security with The South Financial Group, a South Carolina-based financial services holding company, is also responsible for the organization's physical security and loss preventions in addition to fraud investigation.
Over the course of his career, McFarland has seen drastic changes to the emphasis and importance placed on fraud. In the past, said McFarland "Many institutions did not employ fraud investigators. Fraud was a cost of doing business."
But times have changed. Thanks not only regulatory requirements, the reputational pressures a financial firms faces in an age of rampant data leakage and identity theft have now made stopping fraud a main priority. And that means the way investigations are conducted have evolved, too. McFarland gave CSO a break down of how fraud investigators, corporate, physical and information security now come together in a combined mission to stay one step ahead of the bad guys.
CSO: As Director of Corporate Security you lead fraud investigations within the organization. How do you draw line between fraud and corporate security? Brad McFarland: Those processes are linked. Each security discipline must hold hands in order have an effective security program. The security program impacts fraud prevention, the safety of your employees, the security of institutional data, and customer information. A program needs to address the security of your facility and maintain or keep in-check reputational risk. As part of a global security program it is important to institute an effective training program for respective security disciplines.
I don't see any real barrier between those groups anymore. It's necessary that we maintain a strong, unified partnership to combat the issues we are seeing now across the financial services industry.
Of course professional certifications are important and they play a valuable role in expanding one's knowledge base. Certifications also have a special value in industry and they can represent advantages to employees that obtain a relevant designation.
However, from a broad perspective, there are a few basic steps that all security leaders should employ: First, and foremost, have a basic understanding of accounting principles. Assist in the implementation and utilization of sound accounting practices from a risk management perspective you should trust but verify accounting controls. Second, make sure that you are aware of the legal regulations that govern your field. Third, one simple guideline:communication. Effective communication plays a strong part in acquiring desired results. And fourth, implementation of an effective investigation processes; to include interviewing of witnesses, documentation, and analysis tools.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast Unmasking the Differences between Consumer and Enterprise File Sync & Share The consumerization of IT combined with the rapid pace of the modern mobile workplace is forcing enterprise IT teams to evaluate file sync...
- Live Webcast Government Agency Webifies Outdated COBOL Applications Let this CTO tell you how his agency converted 1980s-era green screens into an e-filing portal for the 100,000 cases handled each year...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the... All Applications White Papers | Webcasts