Small- to medium-sized businesses with less staff and resources are particularly vulnerable to fraud.
What are the risks?
According to a Deloitte survey of business executives, half said they are not confident in the internal controls put in place at private companies to prevent technology fraud.
External threats
Businesses most prone to technology fraud are those that do not have adequate protections in place to guard their informational assets. It is vital to have an information technology (IT) manager or consultant on board to maintain equipment and software, develop internal controls and ensure appropriate security measures are adhered to. Some examples include:
Install anti-virus software and keep its definitions updated
Implement a strong firewall
Ensure updated security patches are installed on computers
Isolate computers used to access sensitive data
- Force logoff when the machine is idle
- Install email spam filters and web filter
Don’t forget social media
In a similar fashion, social media properties can be vulnerable to fraud. Hackers have been able to spoof Facebook and Twitter pages, leading users to link to those sites. The more a business can inform its staff and customers about best practices, the more these users will know what to look out for.
Internal threats
While unfortunate, technology fraud is often perpetrated by someone inside the organization. IT tends to be a largely unmonitored function, thereby giving technology professionals unfettered access to highly sensitive data and expensive equipment. In less malicious scenarios, the IT manager may simply not have enough experience to put proper controls in place.
Protect your company from technology fraud
As with any type of risk management, it is critical to identify the types of risks at play and how a company can and should work to prevent them. Businesses can take action by doing the following:
- Develop a risk management plan and policies and procedures – Work with in-house IT personnel or a technology consultant to identify the potential technology risks within your organization and establish sound policies and procedures to reduce the likelihood of a breach.
- Information technology audit – Regardless of whether technology is managed internally or externally, businesses should allocate resources to conduct an information technology audit.
- Educate employees – Although fraud can be perpetrated by employees, many times they are simply the victims of external fraud attempts.
- Reporting procedures – It is also important to provide employees with a means to report fraud. According to the Deloitte study, employee tips are the number one way employee fraud is detected.
Responding to fraud
Despite putting appropriate controls in place, sometimes fraud still does occur. So what should a business do if it suspects fraudulent activity? The following steps are recommended:
- Assess the source of the fraud – If the source of the fraud is external, alert your IT manager or consultant to devise a solution and protect existing assets.
- Consult with external IT counsel – Outside counsel can help identify whether a breach has occurred and what or who the source might be.
- Contact authorities – Now is not the time to try and resolve the problem internally.
- Communicate with your target audiences – As with any risk situation, it is important to keep your target audience informed in the appropriate manner. If customer data has been breached, they have a right to know.
These days, businesses’ reliance on technology can leave the door wide open for fraud to occur. Whether the source is internal or external, business owners and executives must be aware of the dangers of technology fraud and put in place plans and controls to prevent security violations. If they don’t, the technology they need so critically can cause a critical problem down the road.
Kristy Weaver is senior vice president for Pacific Continental Bank in Vancouver. She can be reached at Kristy.weaver@therightbank.com.
{jathumbnail off}