To read this content please select one of the options below:

Customer data security and theft: a Malaysian organization’s experience

Mohd Aizuddin Zainal Abidin (Faculty of Accountancy, Universiti Teknologi MARA, Shah Alam, Selangor, Malaysia)
Anuar Nawawi (Faculty of Accountancy, Universiti Teknologi MARA, Shah Alam, Selangor, Malaysia)
Ahmad Saiful Azlin Puteh Salin (Faculty of Accountancy, Universiti Teknologi MARA, Perak, Malaysia)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 11 February 2019

Issue publication date: 27 February 2019

2052

Abstract

Purpose

This study aims to identify weaknesses in current internal control systems in protecting customer data and the drivers that motivate employees to steal customer data and the impact of customer data theft on the organization.

Design/methodology/approach

A case study approach was taken to investigate and analyze internal control system weaknesses. One organization that involved investor and treasury services was selected as a case study in this research. A mixed method of data collection, specifically survey questionnaires and observations, was used.

Findings

This study revealed that employees are aware of the policy to protect customer data in their organization. Ironically, customer data theft still occurred despite the company having an internal control system. The main concern was the attitude of the employees to adhere to the policies in place, which becomes the major cause of internal control violation. Employees tend to ignore policies and standard operating procedures, providing opportunities for data theft and fraud to occur, although they realize this will result in a severe impact on the reputation of a company.

Research limitations/implications

The results provide further confirmation of the fraud triangle theory, i.e. opportunity on the possible causes of the data theft and fraud, supporting prior empirical research and surveys conducted by researchers and global professional firms on fraud. This study, however, was conducted on only one organization with limited participation from employees because of the sensitivity of the nature of the topic.

Practical implications

This study provided recommendations that can be a reference for companies and regulatory bodies in preventing customer data theft cases, such as regular training and awareness campaigns to the staff, stringent recruitment policies, close monitoring on the accessibility of customer data and continuous use of advanced technology to prevent a data breach.

Originality/value

This study is original, as it focuses on an organization that operates in the financial services industry, which is one of the most attacked sectors for data theft and cybercrime activity globally. Furthermore, this kind of research is rare in fraud literature, particularly in developing markets such as Malaysia. The findings of this study are inferred from the direct observation of the organizational and employee work environments, activities and behaviors, which are private and confidential and difficult to access by researchers for publication in academic journals.

Keywords

Citation

Abidin, M.A.Z., Nawawi, A. and Salin, A.S.A.P. (2019), "Customer data security and theft: a Malaysian organization’s experience", Information and Computer Security, Vol. 27 No. 1, pp. 81-100. https://doi.org/10.1108/ICS-04-2018-0043

Publisher

:

Emerald Publishing Limited

Copyright © 2019, Emerald Publishing Limited

Related articles