Avoiding Cyber Fraud in Small Businesses: What Auditors and Owners Need to Know

This book is not as much about detecting fraud as it is about developing company-wide awareness and implementing detection measures. These are the keys to not only fraud prevention, but also security in general. My perspective is as an IT security professional, and I found this book to be thorough in that it covers all key items, and also to be applicable to any size business.What I especially like about this book is its wide coverage that touches on each of the most important elements of awareness and prevention, including an objective assessment of cyber fraud as a threat, an approach to analyzing risks and vulnerabilities, and how to implement controls and policies. In addition to these basics, the book also goes into the technical aspects of security (written so that a non-IT professional can understand the fundamentals), and related topics, such as information protection, and legal issues associated with web site content. While the latter are not specific fraud vulnerabilities, they represent business risks that are loosely related to fraud. Other material that I found useful and informative included the chapters on internal protection controls and conducting audits and investigations.This book is a valuable resource for any IT security professional as well as corporate security, auditing and internal controls, and general business professionals (especially marketing). If you are new to fraud I also highly recommend "Fraud 101: Techniques and Strategies for Detection" by Howard R. Davia (ISBN 0471373095) which provides a solid foundation for understanding fraud management from a wider perspective, and "The Computer and Internet Fraud Manual" by Joseph T. Wells (ISBN 1889277363), which goes deeper into detection and response techniques.