IT department personnel also have duties to perform in ensuring the safety of financial transactions. Today, managers of this department carry their fair share of responsibility for protecting computer systems. They are tasked with tracking employees’ computer usage and reporting aberrant or suspicious activity. IT personnel play a key role in incident response teams, working alongside legal experts to ensure adherence to applicable laws. These days, Internet Service Providers are also extending their services to include security features so that their customers can have an Internet experience that is free of “spam, malware, phishing attacks, worms, and viruses” (Ena, 2008). Third-party security vendors have also emerged, offering sophisticated software and hardware products that protect computer networks from security threats.
On the legislative front, to take the case of the United States, the Sarbanes-Oxley Act is a vital step forward in preventing fraudulent financial transactions. The Act holds managers of business corporations responsible for maintaining strict network protection mechanisms. Section 404 of the Sarbanes-Oxley Act is worthy of mention here, as it sets out guidelines for documenting internal controls. It further mandates that businesses constantly monitor the effectiveness of these controls. The CEOs of companies are required to file reports with the Securities and Exchange Commission as to the veracity of the “company’s financial statements based on the integrity of these controls” (Guttmann, 2002). Also, Section 302 of the Act makes it mandatory for companies to “disclose all deficiencies in their internal controls and any fraud involving employees. Developing factors that could have a negative impact on internal controls must also be reported” (Taylor, 2005). Hence the Sarbanes-Oxley Act is a much-needed piece of legislation that has contributed toward reducing instances of financial transaction fraud over the Internet.
Another way in which companies can strengthen their security systems is by implementing Enterprise Resource Planning (ERP) systems such as PeopleSoft and SAP. Once this is done, the operations and electronic financial transactions across various departments such as sales, manufacturing, accounting, etc. can be seamlessly integrated (Taylor, 2005). The ERP systems created by software companies such as PeopleSoft and SAP come with many built-in security features that can come in handy in preventing electronic financial transaction fraud. But the problem is that “employees often view these controls as a burden and, thus, fail to maintain and update them. In many cases, employees never even properly implement the controls due to the complexity of maintaining them and the need to understand all relevant business processes before implementing those controls” (Guttmann, 2002). Hence, we learn that the prevailing threats to security systems can be significantly reduced if only employees and managers adhere to and apply certain basic security guidelines as devised by ERP systems (Taylor, 2005). In addition to this, businesses can build transaction-integrity monitoring systems.
Hence, in conclusion, it can be stated that the tug of war between computer system owners and hackers will continue in the future too. As businesses tighten up their security systems, fraudsters on the lookout for quick money will invent ingenious ways of breaking into computer networks. In this scenario, it is quite clear that the stakeholders in the security of computer networks should stay one step ahead and come up with robust security arrangements to ward off possible threats. A coordinated effort from top managers, IT personnel, Internet Service Providers and legislators is necessary to ensure the integrity and consistency of electronic financial transactions.