Twenty years ago, working from home was a foreign but enticing phenomenon. Now, it’s considered essential as the COVID-19 pandemic continues. This leaves office spaces and the key assets therein, from paperwork to equipment, largely unmonitored.
We’ve recommended that our clients fortify physical and technical security measures in these spaces to prevent unauthorized entry and any contamination. Unfortunately, external threats are not the only thing employers need to worry about. We have also seen an increase in insider threats since workforces have gone remote, and it should be a top security priority.
Why a Pandemic Could Spell Insider Threat and Fraud
Following the 2008 market collapse, agencies like the Association of Certified Fraud Examiners (ACFE) observed a significant increase in internal fraud (i.e., insider threats). According to one of their surveys, the majority of respondents said they experienced an observable increase in the number of frauds, translating to millions of dollars lost.
As unemployment nears 20 percent and millions find themselves without jobs, the COVID-19 pandemic has created a financial crisis with echoes of 2008. If anything, the stakes are higher – as the virus continues to hospitalize Americans, a lost job could likely mean lost health insurance. In this kind of environment, even otherwise upstanding employees could seek to commit fraud internally, whether to:
- Acquire benefits for themselves like extra cash when money is tight. There’s a reason Bernie Madoff, the infamous Ponzi schemer, “made” his billions during the 2008 Recession when people were willing to put their life savings on the line for financial assistance.
- Create the impression that they are contributing significantly to the company. As pressures mount for revenue, employees concerned about their job security could falsify performance metrics and financial reports, lauding a contract and the associated financials that are not quite there yet, and maybe never will.
The pandemic only aggravates this possibility because employees have increased opportunities, which the ACFE cites as one of the major contributors to fraud. With offices empty and fewer staff to review and confirm records, insider threats have room to grow. It is possible that employees will become emboldened to look deeper into company files and data from the comforts of home, not fearing somebody walking into their office and observing what they are perusing on the computer.
What You Can Do To Prevent Internal Fraud
- Establish or empower an anti-fraud function. According to the ACFE’s 2019 research, organizations that failed to invest in internal controls had significantly higher fraud losses and took longer to detect frauds than those who had targeted anti-fraud measures in place. That means that while laying off personnel who monitor fraudulent activity may seem like a necessary cost-saver now, it could prove much more harmful in the long run. We suggest ensuring your program remains robust even if they are working from home.
- Conduct robust audits and compliance checks on all financial data. If they are not in place, establish the processes to make sure that everything looks right and is right. When so many business leaders are tightening their belts and looking closely at performance indicators, largely tied to financial gains, the opportunity for a shiny nickel to catch your eye without applying the appropriate level of scrutiny in audits and compliance measures can be devastating.
- Assess your company’s cybersecurity hygiene. If any employee can access payroll or other critical financial information from home, that is a significant security vulnerability – especially if you do not have the proper cybersecurity mechanisms in place to also prevent an external intrusion. This is an opportunity to engage a third-party to ensure only the appropriate personnel can access the most sensitive files, and that employees who are working from home are following best practices in protecting company data.
- Emphasize due diligence and regularly conduct investigations. Many companies are relying on new vendors for critical supplies in addition to building business relationships with vendors as a matter of regular business. This is another opportunity for individuals who are looking to commit fraud: create a fictitious vendor, through which they can bill their own company for services. Due diligence investigations are designed to combat this type of fraud by confirming if an entity is real and provides the services that it advertises. If your due diligence abilities are limited, you can always engage a third-party to research potential vendors on your behalf.
- Stay connected. A robust communication plan is essential to working during this global pandemic. Though sustaining productivity is certainly a priority, staying connected means checking up on employees who may be struggling. From financial hardships to severe illness, workers are facing mounting pressures at home and employers have a duty to ensure they are receiving the support they need.
As we’ve discussed, these types of external pressures are often the impetus for internal fraud. Employers are fearful for their jobs, their families and their health. Demonstrating continual support for employees and providing the necessary resources, like a referral to an employee assistance program (EAP), can help those struggling and also prevent the consequences of an insider threat.
When people face their most challenging times, they often step up to new demands. When they don’t, the temptation to exploit a situation can overtake their better judgment. The potential for insider threats always exists but as the COVID-19 pandemic continues to impact our everyday lives, organizations must stay diligent for the potential risk.
Have more questions on insider threats and how to mitigate them? Feel free to reach out to us directly.