Decision-makers “concerned” over insider threat posed by fraudsters

With many businesses currently recognising International Fraud Awareness Week (which runs from 17-23 November), the recent Cifas survey clearly shows that business leaders in charge of staff training are increasingly worried about the impact fraud could exert on their organisations.

Employees are an attractive target for criminals who use different tactics to exploit the latter’s position as well as their direct route into an organisation. Examples include phishing e-mails and fake documents to trick staff into downloading malicious software on to their systems or rush through payments before they have the chance to challenge legitimacy.

Some fraudsters are also known to approach workers either in-person or online, promising cash in exchange for sensitive company information: data which is often used against the organisation or sold on The Dark Web.

The increase in hybrid and remote working also continues to pose challenges for businesses trying to reduce the threat posed by members of staff who are willing to put their companies at risk – such individuals are often referred to as an ‘insider threat’ – and abuse their positions of trust.

Insidious world

Rachael Tiffen, director of learning at Cifas, explained: ‘Many organisations are fearful that employees will become embroiled in the insidious world of fraud. When the workforce is the first line of defence, businesses must have robust procedures and policies in place to ensure security is not compromised and also that colleagues and customers are kept safe.”

Tiffen added: “Building counter-fraud skills and developing an anti-fraud culture can help to further protect businesses, ensure that employees understand the dangers of criminal approaches or insider risks and encourage workforces to report suspicious activity.”

There are eight ways in which organisations can improve internal controls in order to detect and prevent fraud:

*Run fraud risk assessments to consistently review gaps and ensure vulnerabilities are remedied at the earliest opportunity

*Implement counter-fraud measures that improve business safety, such as having a robust Code of Conduct and procedures and policies in place that cover device and data security

*Invest in technology that enhances security controls on equipment (for example, multifactor authentication and facial recognition)

*Roll-out proper vetting checks through an employee’s entire lifecycle and screen people regularly, regardless of their job title

*Provide specialist training on a consistent basis such that employees continue to develop counter-fraud knowledge and ‘upskill’ themselves in terms of how to spot and report signs of dishonest conduct

*Create accessible ways for staff to escalate concerns confidentially (such as through their managers and/or via a whistleblowing service)

*Be aware of any unusual patterns among staff. For example, are they now exhibiting a lifestyle that contradicts their salary? Are they suddenly disgruntled and/or reluctant to adhere to organisational controls? Look out for signs of behaviour changes as well

*Prioritise employee welfare. When staff know that support is available, this can often be the difference between them seeking help or feeling they have no other option but to be dishonest

Comprehensive support

Through data, intelligence and learning, Cifas provides comprehensive support to help organisations add that critical layer of protection for their workforces.

Access further information on Cifas’ Insider Threat Protect solution, the Cifas Fraud and Cyber Academy courses and the Digital Learning programme.