What do you think the original problem of Government fraud would be?
Is it government incompetence? Willful corruption? How about the simplest answer (in my mind) … according to the CBS News 60 Minutes video and article.
“The fraud we’ll tell you about tonight is complex, pervasive and being carried out by transnational criminal organizations often using stolen identities to target U.S. taxpayers – costing the government hundreds of billions of dollars a year.”
So guess where the transnational criminal orgs are getting all of these social security numbers (stolen identities)? From all of the various darknet posts, which get them from all kinds of cyber hacks and intrusions.
It sometimes takes 6 months or more before a company knows they are breached and the criminal thus accumulates a large amount of identity data to create these types of fraud. If the government systems for the various payments (disability – health – social security and more)
“Linda Miller: To be honest, Elon Musk coming out and saying, “There is a huge amount of fraud,” I welcome that message completely because finally, someone is actually saying this. No one knows the ins and outs of government fraud better than Linda Miller. She spent a decade at the Government Accountability Office, tracking how taxpayer money is spent and misspent, and even wrote the rulebook on preventing fraud in federal programs. Linda Miller: Fraud is willful deception. It involves willful deception. And – and it has to be proven in a court of law.”
I don’t do politics on here or my blog (www.oversitesentry.com) but I thought it was interesting that the whole rigamarole of DOGE will actually be mostly about the fraud that is being committed on government programs by criminals.

So we have established that fraud is happening on a huge scale, using identities stolen over and over. The criminals are selling each identity for about $2 per dataset. How much can they make on this government fraud? If there are no safeguards now, or there were none last year, then it could be thousands of benefit dollars per month, especially if everything is now digital (i.e. fill out the forms online and get the money into your bank account immediately). This process also helps the digital criminal. If DOGE can highlight this issue that would be great, but it also needs to be fixed on all ends.
1. The criminals need to be caught.
2. Government Software needs to reduce the fraud – more error checks, more fraud checks.
3. And the one I am most interested in is that we need to prevent our identities from being stolen in the first place.
The DOJ and the Government IT department need to solve 1 and 2.
The businesses in charge of client identities have to defend the employee and customer identities.
Who is in charge of employee/client identities? That is everyone – since everyone has an identity and can be hacked. I know this is a huge umbrella term, but it is high time to set up a GRC program – Governance – Risk – Compliance.
I had a post on my blog at oversitesentry: “Manage Compliance and Risk”.

Yes, to defend our systems it is best to work in a systematic manner.
I will reprint a few good points from that post:
GRC stands for Governance, Risk, and Compliance and is a concept that was originated by the Open Compliance and Ethics Group (OCEG) in 2002.
I go over each framework a little (minor comments) and discuss them. Here is the conclusion…
Conclusion
Choosing between ISO 31000 and other frameworks like COSO, OCEG.org’s GRC, COBIT, or NIST depends on the specific needs and context of the organization. ISO 31000 offers a flexible, universally applicable approach suitable for a wide range of sectors and risk environments. In contrast, COSO provides a more structured and detailed process, particularly strong in financial reporting and fraud prevention. OCEG.org’s GRC integrates multiple principles for a comprehensive approach, while COBIT focuses on IT governance, and NIST specializes in cybersecurity risk management. Organizations may also consider combining elements from multiple frameworks to develop a robust and tailored risk management strategy.
But I did not stop there – specifically for small businesses here is what is really needed:
Best Cybersecurity Framework for Small Businesses
For small businesses with fewer than 50 employees and multiple locations, selecting an appropriate cybersecurity framework is crucial for protecting sensitive data and maintaining operational integrity. Here are some recommended frameworks that are particularly well-suited for such environments:
1. NIST Cybersecurity Framework (CSF)
The NIST Cybersecurity Framework is widely regarded as one of the best options for small businesses. It provides a flexible and cost-effective approach to managing cybersecurity risks. The framework is structured around five core functions: Identify, Protect, Detect, Respond, and Recover. This structure helps businesses assess their current cybersecurity posture and implement necessary improvements.
The exception is if you have a supply chain and everything that entails, in which case you need to look into ISO/IEC 27001, as it is a globally recognized standard for information security management systems (ISMS).
My recommendation is to look over my store at oversitesentry, as it can help you set up security policies, and my book is on there as well. Contact me to discuss your GRC needs.