Sunday, September 11, 2022

3 Top Warning Signs Of Employee Fraud - A Must Read

 


Whenever an employee is hired, an employer would always like to think that he or she would be with them for a long time.  This may have been the trend back when my parents were growing up, but this is certainly not the case anymore. 

Given the digital age that we live and the Remote Workforce that we have now, people are now leaving jobs at rates never seen before in search of other ones, or even perhaps to become a gig worker.  Even despite COVID-19 still lingering on, and the persistent inflation that we are still having, the job market is still very robust.

In fact, you probably have even heard of this era known as the “Great Resignation”.  But whatever it is, the fact is that we are living in unprecedented times.  But, as employees come and go, there is a new Cybersecurity risk that is starting to emerge into the mainstream now:  Employee fraud. 

Whenever we think of this term, we often think of ID Theft, or somebody stealing our credit number.  While these are true cases of it, employee fraud occurs when an ex-employee tries to steal something of value from their previous employer.

For example, it could be a piece of intellectual property, or even names and other types of contact info from customers (especially if this ex-employee wants to start their own business).  And in fact according to a recent report from Microsoft, more than 40% of the current employees are considering leaving their position. 

This only increases the chance of fraud from increasing even more.  More details about this report can be found here at this link:

https://www.microsoft.com/en-us/worklab/work-trend-index/hybrid-work?OCID=AID2101651_SEM_ConnexityCSE&szredirectid=16250758885630100478810070302008005

According to the Cressey Fraud Triangle, there are three key reasons why an employee would engage in committing an act of fraud:

1)     Financial Pressure:

The employee may have all of a sudden been hit with a huge crisis, such as a medical one, and the costs are just too staggering for them to deal with.

2)     There is an opportunity to do it:

Because of the lack of controls, or even a vulnerability, there also exists a chance where an employee could heist something without any ever noticing it.

3)     The act of rationalization:

Somehow, the employee has decided in their own mind that it is OK to commit an act of fraud for personal gains.

More information about the Fraud Triangle can be seen here at this link:

https://www.researchgate.net/figure/Figur-5-The-Fraud-Triangle-Bolton-2015-Stuart-2011_fig4_319872767

What is interesting about this triangle is that usually takes just one factor or even a combination of them for the employee to commit the illegal act.  But apart from these three motivating factors, there are also other three telltale signs that an act of fraud could be occurring or there is the potential of it in actually happening:

1)     The employee is spending too much:

This simply means that the employee is spending far more than they are earning.  Usually the excess buying is triggered to make the person “feel good” that they have something they think that they have wanted, but they really don’t need it.

2)     Money shortages:

As mentioned earlier in this blog, the employee could have been hit with a huge, unexpected expense.

3)     Different kinds of relationships:

By this, I mean that the employee is starting to develop unusually strong ties to their clients and/or third-party vendors.  If this is happening, this typically means that they are wanting to start their own business, and are looking at getting some customers to transition to their new gig.

More information about other telltale signs can be downloaded at this link:

https://www.acfe.com/fraud-resources/global-fraud-survey

My Thoughts On This:

At the end of the day, there is only so much that you, the employer can do, to help mitigate the risk of employee fraud occurring at your business.  But here are some actionable tips that you can take:

*Always maintain an open-door policy.  As far as possible, if an employee is having a problem with something, take the time and listen to them, like a good friend would.  In these cases, they are often not seeking advice, they just want somebody to listen to them. 

But if they need advice, you should also refer them to the HR department, who can take further steps to help the employee resolve the issue.

*Always try to maintain a casual work environment:  By this, I mean do not micromanage.  Let your employees flourish and contribute to the bottom line of your company.  A big part here is the new kind fo work environment that we are now in. 

If an employee wants to work remotely, let them, as long as they are getting the job done, and also offer them flex hours as well so that they can also meet the needs of their family as well. But also make sure you can contact them if the need arises.

*Always be encouraging:  Right now, we are living through some difficult times.  Heck, we made it through COVID-19, so we will make it through this year as well. If your employee wants to explore other areas of your company to work, give them that opportunity.  To the best of your ability, try to always be supportive.

Now that we have looked at some of the psychological routes that you the business owner can take, let is look at some of the technical ones:

*Always maintain a tight set of controls:  This is of course easier said than done, depending upon how large your business is.  Btu when it comes to the financials, you have to be very watchful here, especially over your bank accounts, and any company credit cards that you may issue to your you employee.  As soon as your employee leaves for whatever reason, make sure that you cut off ties to these financial assets. 

*Disable or delete accounts:  Once an employee is gone, you should either disable or get rid of their accounts all together, especially if they are privileged ones. Many times IT Security teams forget to do this, and thus, the ex-employee now has a huge backdoor to get into.  There are also tools out there that will do this automatically for you, you will just have to configure them properly.

*Maintain a real time fraud alert hotline:  By having this, your other employees can report in an anonymous fashion any suspicious behavior they see.  In fact, In fact, is has been discovered that 42% of all employee fraud cases have been stopped because of an anonymous tip, and 55% all fraud cases have been reported by employees.

In the end, there is only so much you can do to mitigate the risk of employee fraud from happening at your place of business.  All you can do is take proactive steps, and let your employees be your eyes and ears for any suspicious activity that could be happening.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...