A former IT Manager at a school in Surrey has been found guilty of seven offences including fraud, cyber-crime and burglary following discoveries made by 9ine Consulting in an IT audit and assurance review.
9ine were commissioned in January of 2016 to undertake an external assessment of IT systems and operations. In the completion of an audit we identified financial irregularities in the procurement of IT systems, software and services.
Need help with the GDPR? Our free advisory service provides independent and objective guidance to help schools with their IT audit and compliance obligations. We are offering this service until August 2018.
In having full control of IT budgets and by working with an accomplice to provide fraudulent quotes and invoices for expensive IT equipment, the school’s IT Manager was able to divert large amounts of school funds into his own accounts under the guise of legitimate IT spending. The paperwork created to back up these purchases enabled him to avoid detection from the usual internal checks.
In our most recent school-focused webinar, 9ine and Kemp IT Law outlined the risks associated with outsourcing the DPO role. Here's the live recording in case you missed it.
Had the school not demonstrated strong governance through a regular external audit, the financial cost of the fraud would have extended well beyond the £200,000.00 identified by 9ine.
Following these discoveries and in attempting to cover up the fraud, the IT Manager used numerous “back-doors” to the network to delete servers, take down systems and cause significant disruption and damage. 9ine’s technical consultants were able to support the school in both blocking all access and then evidencing all of the malicious actions in the resulting court case.
Mark Orchison, Managing Director of 9ine, said:
“This goes to show that regular and thorough auditing of IT systems and services support is worthwhile, effective and a critical aspect of school governance. New data protection law makes the analysis of IT systems a legal requirement, with this example demonstrative of the reasons why.
In appointing 9ine, the school demonstrated good governance in the external audit of their systems, which led to the identification of the fraud. They were targeted by the reckless acts of an individual determined to incapacitate the school, which largely failed as a result of the professional response of 9ine and the school leadership”
The school have said:
““We are pleased with the outcome of the trial and are very grateful to 9ine for their excellent work and assistance in limiting the damage of the cyber-security attacks and minimising the impact of the crime”
Surrey Police’s Cyber Crime Investigator, said:
“It is essential that businesses have digital and cyber policies in place and to have good oversight of employees who have access to systems and data, including those in a position of trust.”
If the GDPR is of concern to you, please do take advantage of our free advisory service providing independent and objective guidance to help schools with their IT audit and compliance obligations. We are offering this service until the end of August 2018. Click below to book a free consultation with one of our experts.