The threats from within – how to protect your business from fraud
15 January 2016
By Simon Dukes, Chief Executive, Cifas
Insider fraud is a growing threat to today’s companies, big and small. Your staff can hold the solution.
- The threat from insider fraud is growing and it can affect businesses of any size;
- Educating staff against the risks can have a big impact;
- Vetting staff is a crucial part of doing everything you can to prevent a known fraudster entering your organisation in the first place.
Are employees your greatest strength or greatest weakness? When it comes to insider fraud risks the answer is: both. Well trained staff who are supported to raise concerns around wrongdoing can be as effective as some of the most complex fraud prevention technology out there. But staff can also be the point in the chain where it all goes wrong, leading to significant financial and reputational loss for businesses.
The threat from insider fraud is growing and it is increasingly sophisticated. Recorded internal fraud cases up by 18 per cent last year, according to Cifas data. The types of fraud are changing too – theft of cash still happens, but data is the new gold. We know that criminal gangs are experienced at planting members into companies so that they can commit fraud from the inside, often by stealing lucrative data on customer details that can be used to engineer scams or commit identity fraud.
Sometimes employees are pushed into crime, often by a change in circumstance that has resulted in extreme stress, such as debt or blackmail. Others are seduced into it – perhaps they have stumbled across a weakness or loophole in internal controls and find it relatively easy to commit the fraud, or are targeted by gangs.
But it is crucial that businesses also realise that often there is no malicious intent of the part of their employees. A member of staff can become an accidental, innocent pawn in a fraudster’s game. We are increasingly seeing cases where seemingly genuine emails, websites, links, pages, attachments designed to be opened by staff and actioned, contain malware that attacks a company’s security systems or convinces the recipient to disclose confidential information or security details.
Fraudsters thrive on ignorance. This is good news for businesses, because it means that there are many cost effective steps that businesses of all sizes can do to train staff and communicate fraud policies clearly. Educating this honest majority of staff and equipping them to spot and report fraud will make a big difference.
As for how to avoid those who do not have honest intentions, start at the beginning. Vetting staff is a crucial part of doing everything you can to prevent a known fraudster entering your organisation in the first place. It can be avoided and it reduces risk.
For more information on how to protect your business, contact Cifas on www.cifas.org.uk