Whenever an employee is hired, an employer would always like
to think that he or she would be with them for a long time. This may have been the trend back when my
parents were growing up, but this is certainly not the case anymore.
Given the digital age that we live and the Remote Workforce that
we have now, people are now leaving jobs at rates never seen before in search
of other ones, or even perhaps to become a gig worker. Even despite COVID-19 still lingering on, and
the persistent inflation that we are still having, the job market is still very
robust.
In fact, you probably have even heard of this era known as
the “Great Resignation”. But whatever it
is, the fact is that we are living in unprecedented times. But, as employees come and go, there is a new
Cybersecurity risk that is starting to emerge into the mainstream now: Employee fraud.
Whenever we think of this term, we often think of ID Theft,
or somebody stealing our credit number.
While these are true cases of it, employee fraud occurs when an ex-employee
tries to steal something of value from their previous employer.
For example, it could be a piece of intellectual property,
or even names and other types of contact info from customers (especially if
this ex-employee wants to start their own business). And in fact according to a recent report from
Microsoft, more than 40% of the current employees are considering leaving their
position.
This only increases the chance of fraud from increasing even
more. More details about this report can
be found here at this link:
According to the Cressey Fraud Triangle, there are three key
reasons why an employee would engage in committing an act of fraud:
1)
Financial Pressure:
The employee may have all of a
sudden been hit with a huge crisis, such as a medical one, and the costs are just
too staggering for them to deal with.
2)
There is an opportunity to do it:
Because of the lack of controls, or
even a vulnerability, there also exists a chance where an employee could heist
something without any ever noticing it.
3)
The act of rationalization:
Somehow, the employee has decided
in their own mind that it is OK to commit an act of fraud for personal gains.
More information about the Fraud Triangle can be seen here
at this link:
What is interesting about this triangle is that usually
takes just one factor or even a combination of them for the employee to commit
the illegal act. But apart from these three
motivating factors, there are also other three telltale signs that an act of
fraud could be occurring or there is the potential of it in actually happening:
1)
The employee is spending too much:
This simply means that the employee
is spending far more than they are earning.
Usually the excess buying is triggered to make the person “feel good”
that they have something they think that they have wanted, but they really don’t
need it.
2)
Money shortages:
As mentioned earlier in this blog,
the employee could have been hit with a huge, unexpected expense.
3)
Different kinds of relationships:
By this, I mean that the employee
is starting to develop unusually strong ties to their clients and/or third-party
vendors. If this is happening, this typically
means that they are wanting to start their own business, and are looking at getting
some customers to transition to their new gig.
More information about other telltale signs can be
downloaded at this link:
https://www.acfe.com/fraud-resources/global-fraud-survey
My Thoughts On This:
At the end of the day, there is only so much that you, the
employer can do, to help mitigate the risk of employee fraud occurring at your
business. But here are some actionable tips
that you can take:
*Always maintain an open-door policy. As far as possible, if an employee is having
a problem with something, take the time and listen to them, like a good friend would. In these cases, they are often not seeking
advice, they just want somebody to listen to them.
But if they need advice, you should also refer them to the HR
department, who can take further steps to help the employee resolve the issue.
*Always try to maintain a casual work environment: By this, I mean do not micromanage. Let your employees flourish and contribute to
the bottom line of your company. A big
part here is the new kind fo work environment that we are now in.
If an employee wants to work remotely, let them, as long as
they are getting the job done, and also offer them flex hours as well so that
they can also meet the needs of their family as well. But also make sure you
can contact them if the need arises.
*Always be encouraging:
Right now, we are living through some difficult times. Heck, we made it through COVID-19, so we will
make it through this year as well. If your employee wants to explore other
areas of your company to work, give them that opportunity. To the best of your ability, try to always be
supportive.
Now that we have looked at some of the psychological routes
that you the business owner can take, let is look at some of the technical
ones:
*Always maintain a tight set of controls: This is of course easier said than done, depending
upon how large your business is. Btu when
it comes to the financials, you have to be very watchful here, especially over your
bank accounts, and any company credit cards that you may issue to your you
employee. As soon as your employee leaves
for whatever reason, make sure that you cut off ties to these financial assets.
*Disable or delete accounts:
Once an employee is gone, you should either disable or get rid of their
accounts all together, especially if they are privileged ones. Many times IT
Security teams forget to do this, and thus, the ex-employee now has a huge backdoor
to get into. There are also tools out
there that will do this automatically for you, you will just have to configure
them properly.
*Maintain a real time fraud alert hotline: By having this, your other employees can
report in an anonymous fashion any suspicious behavior they see. In fact, In fact, is has been discovered that
42% of all employee fraud cases have been stopped because of an anonymous tip, and
55% all fraud cases have been reported by employees.
In the end, there is only so much you can do to mitigate the
risk of employee fraud from happening at your place of business. All you can do is take proactive steps, and let
your employees be your eyes and ears for any suspicious activity that could be
happening.
No comments:
Post a Comment