There is no better time for cybercriminals and fraudsters to attack businesses than during a crisis. But there are things that companies can do to mitigate the risk.
A few weeks ago, I posted an IdeaXchange blog discussing the ways AI (artificial intelligence) could help businesses. In that blog, I noted that, although AI technology is being adopted by more and more organizations, too many CIOs (71%) feel that their own organizations have limited skills and understanding of the technology and strategies.
One of the areas I covered where AI could be most effective is the accounting department, a function where repetitive tasks are most likely to benefit from the use of AI and automation. This is also an area that can be a victim of fraud, and AI is extremely helpful in combatting fraud.
How COVID-19 created the perfect environment for fraud
As we all know, the pandemic has resulted in huge numbers of workers now doing their jobs at home. In a May article, Gallup noted that remote work had levelled off at 62% in mid-April. Some of those workers may have been returning to the office as states open up but, as we see, this crisis is in no way over and offices may yet close again.
So, when it comes to fraud, this remote workforce becomes an easy target for both scammers and hackers. The thing to remember is that most of these perpetrators are hardly master criminals. What they understand is the too-trusting nature of humans. That’s why so many criminals gain the access they need through some very simple tactics:
- The CEO email – When working from home, there is often no way to check if your CEO (or other top executive) actually sent the “urgent” email that asks you to click to find out the latest COVID information or the latest corporate numbers.
- Spear phishing – Your workers are only human, and the same frailties that cause them to fall for these attacks in their personal lives may have them do the same when working from home. You can’t simply turn to the person in the next cubicle to ask if they are aware of this request. Phishing is the fraudulent practice of sending emails that claim to be from a reputable company (like a trusted and known supplier) in order to get personal information (passwords, credit card information) that may allow the person to infiltrate the company’s data. Working remotely may make it difficult to confirm whether the email is real.
- Vendor payment portal takeover – In these cases, perpetrators use vendor portals to “update” information (addresses, bank accounts, etc.) that will divert the payments that should be going to the vendors. Again, when working from home, it becomes more time-consuming to contact people within and without the organization to verify that payments are properly made. You may only find out this crime has been committed when the vendor asks where its payment is.
Five ways to combat these types of fraud
Companies that employ AI and automation for functions like procurement and AP, both of which depend on repetitive tasks, mitigate the chance of these easy-to-use fraud tactics. However, that doesn’t mean you shouldn’t still warn your employees to be on the lookout for the most common forms of fraud and to practice discipline. PwC, in an article from earlier this year, noted that “Fraud is at its most virulent during downturns and crises,” and right now, COVID-19 fits both those descriptions. To deal with this, PwC recommends five things an organization needs to do to combat fraud during this time:
- Plan for long-term remote working – Make sure that access to company information is supported with strong security and privacy technology that will enable employees to access critical data so business can continue, all while mitigating the chance for fraud.
- Inform your employees of what to look for – An educated workforce is your strongest preventative measure. Have teleconferences on how to detect social engineering and email attack techniques.
- Ensure all stakeholders understand the issue – Don’t ignore all the different people and entities that interact with you and your employees. According to the PwC article, when asked “to name their area of greatest vulnerability in a serious crisis, nearly one in four US executives (23%) pointed to their communications with external stakeholders, with another one in six (17%) citing communications with internal stakeholder.”
- Consider your business partner network as a possible road to problems – Fraudsters don’t always have to get into your data through your own company; sometimes it’s easier to do so through a vendor or business partner (inadvertently, of course). Make sure that all of the people you interact with undertake their own fraud prevention and mitigation efforts. If you aren’t comfortable with their ability to handle this, then perhaps it’s time to look for another vendor, at least for the current crisis.
- Invest in fraud detection tools – It is abundantly clear how costly fraud can be, yet PwC found that only half of U.S. companies are using fraud detection tools and less than four in ten are using stronger technology like AI and machine learning. Fraud is incredibly costly. In times without a crisis, five percent of all revenue is lost to occupational fraud annually. That is according to an Association of Certified Fraud Examiners (ACFE) report. That translates to $6.3 billion in total loss to businesses in 2,410 occupational fraud cases.
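The vendor payment portal takeover described earlier lends itself to a simple automated control in AP: hold any payment that follows a recent, unverified change to a vendor's payee details. The sketch below is an added example, not code from the article or from PwC; the record layout, field names, the 30-day window and the sample data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

HOLD_WINDOW = timedelta(days=30)              # assumed policy value
SENSITIVE_FIELDS = {"bank_account", "address"}  # fields that redirect money

@dataclass
class VendorChange:
    vendor_id: str
    field: str
    changed_at: datetime
    verified_out_of_band: bool  # e.g. call-back to a number already on file

@dataclass
class Payment:
    payment_id: str
    vendor_id: str
    scheduled_at: datetime

def payments_to_hold(payments, changes, window=HOLD_WINDOW):
    """Return (payment_id, reason) for payments that follow an unverified
    change to payee details made within `window` before the payment."""
    held = []
    for p in payments:
        for c in changes:
            if c.vendor_id != p.vendor_id or c.field not in SENSITIVE_FIELDS:
                continue
            age = p.scheduled_at - c.changed_at
            if timedelta(0) <= age <= window and not c.verified_out_of_band:
                held.append((p.payment_id,
                             f"{c.field} changed {age.days}d before payment, not verified"))
                break  # one reason per payment is enough to hold it
    return held

# Constructed sample data (not real vendors or payments).
CHANGES = [
    VendorChange("V100", "bank_account", datetime(2020, 6, 1), False),
    VendorChange("V200", "bank_account", datetime(2020, 6, 3), True),
    VendorChange("V300", "address", datetime(2020, 1, 10), False),
    VendorChange("V400", "contact_email", datetime(2020, 6, 5), False),
]
PAYMENTS = [
    Payment("P1", "V100", datetime(2020, 6, 10)),  # unverified bank change
    Payment("P2", "V200", datetime(2020, 6, 10)),  # change was verified
    Payment("P3", "V300", datetime(2020, 6, 10)),  # change outside window
    Payment("P4", "V400", datetime(2020, 6, 10)),  # non-sensitive field
    Payment("P5", "V100", datetime(2020, 5, 20)),  # paid before the change
]

if __name__ == "__main__":
    for payment_id, reason in payments_to_hold(PAYMENTS, CHANGES):
        print(f"HOLD {payment_id}: {reason}")
```

Held payments are released only after someone confirms the change with the vendor through a contact channel that predates the change, so the fraud is caught before the money moves rather than when the vendor asks where its payment is.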