TexasPGB logo artwork
Blog Layout

Easy Steps for Fraud Protection

Chelsea Sauder • Nov 12, 2019

November 17-23, 2019 is International Fraud Awareness Week.  

Small to Mid Size Businesses Risk to Fraud Statistics

 “Fraud Week” is spearheaded by the Association of Certified Fraud Examiners (ACFE), who estimates businesses lose 5 percent of their revenue each year due to fraud.  While fraud defense is certainly important all year long, Fraud Week is a chance to shine light on the issue and spread key strategies you to protect your business.  No matter your business size, everyone is at risk to fraudulent activities.

 

Businesses with fewer than 100 employees lose almost twice as much as businesses with >100 employees.  These smaller businesses generally have less robust anti-fraud controls, if any, and are therefore more vulnerable.   

The good news? Fraud is generally predictable, and once recognized you can take the appropriate steps to limit your exposure to losses. According to ACFE studies, 85% of cases displayed at least one red flag behavior by the fraud perpetrator, and in 50% of cases there were multiple red flags. 
Six most common behavioral red flags found in every ACFE study since 2008 are: 
  • Living beyond means 
  • Financial difficulties 
  • Unusually close association with vendor/customer 
  • Control issues/unwillingness to share duties 
  • Divorce and family problems 
  • “Wheeler-dealer” attitude 
Detecting and preventing fraud requires a multi-pronged approach, including both human behavior and technology controls. Successful human behavior steps focus on recognizing the red flags.

Five immediate steps your organization can take to improve employee behavior for recognizing fraud are: 
  1. Be Proactive. Adopt an organizational policy around fraud and ethical behavior. Take time to look around within your business and identify areas that may be vulnerable to fraud. Don’t stop thinking about the possibility of fraud just because Fraud Week is over! 
  2. Hiring Procedures. Conduct thorough background checks on candidates for hire. Check educational, credit, and employment histories as permitted by law. This step requires a monetary and time investment. However, your initial costs will be much less than any potential losses you may experience as a victim of fraud. 
  3. Train Your People. Do your personnel know the red flags above and the warning signs of fraud? Have you provided employee training covering basic prevention techniques? Some easy tips from the US Federal Trade Commission: 
    1. Spot Imposters – Scammers rely on the victim believing that the scammer is trustworthy, so even when you think you know the person making the request, don’t give out money or information to an unexpected request – whether it’s a text message, phone call, email, or other method. 
    2. Don’t Believe Caller ID – Just as you can write any return address you like (that is, not your own address) on an envelope when you put it in the mail, Caller ID is easy to fake and the number displayed should never be considered trustworthy. If you receive a call asking for money or sensitive information, do not divulge it without first authenticating the person on the other end. Call them back at a known good phone number. It might even be the number on your caller ID, but when you dial it, it goes to the actual person, not the scammer. 
    3. Slow Down and Verify – Scammers want to do everything possible to convey a sense of urgency and get you to believe you must take action right away. That’s almost always not true. Remember the phrase JDLR for “Just Doesn’t Look Right” – if it seems unusual or suspicious, don’t brush that off – take a minute and check it out. 
    4. Consider a Fraud Hotline - Most fraud cases are discovered by a tip. Having an anonymous reporting system available to your employees, contractors, and customers can help uncover high risk and fraudulent situations and actions. 
    5. Keep Fraud on Top of Minds - Communicate with staff regularly about anti-fraud policies, methods available to report suspicions, and the potential consequences of fraudulent behavior. 
The second component that can help with fraud detection and prevention/mitigation is technology. In the age of artificial intelligence and behavioral analytics by computer, what these tools all fundamentally do is reinforce the training mentioned above helping people identify potential fraud behaviors. 

Three immediate steps to use technology to protect your employees from fraudulent activities are:  
  1. Tag Your Emails! Have you ever noticed when you email someone outside of your company and they reply to you, the subject line of the email might change slightly, usually containing [Ext] or [EXTERNAL] before the original subject? This is a feature of email systems to warn the user the message came from outside of their company. Using these tags are helpful because many email applications show only the sender’s name, which may be fraudulent, without displaying the actual email address. If your company uses Office365, this tagging is free to use but isn’t enabled by default.
  2. Use Multifactor Authentication! Sometimes despite awareness and training, people still make mistakes. A threat actor might steal a username and password or convince somebody to click a link that results in malware giving the bad guys access to their computer. If you’ve enabled multifactor authentication, user credentials or back door access will only get the threat so far. Multifactor authentication requires additional information to be provided to confirm the identity of the user, such as receiving a passcode via text. If mulitifactor authentication is enabled and the threat does not have access to the required information there are limitations to their access into your system. Like email tagging, many applications (including Office365) include this capability for free, but do not enable it by default. Make sure your IT team has set a plan in place to enable all eligible applications with multi-factor authentication. 
  3. Be Vigilant with Digital Permissions! It’s easy to give all your employees the same level of computer access. But there’s no reason for a marketing intern to be able to access sensitive systems like HR or Finance. Take the time to establish set rules for creating new user accounts and granting relevant permissions to user types. Make sure these user policies include everything from internal staff as well as contractors or third parties that may need limited access to your systems. Why is this so important? While all your users may be trusted to only use the system for their role, that cannot be said for an attacker. With many people using a common password from personal accounts to work computers the risk of compromised credentials is increased. Combined with the fact that there are over eight billion known compromised accounts from hundreds of data breaches, odds are pretty high that people may reuse a password that’s already been compromised. While we all know that no one should ever reuse a password, the reality is that it happens. Don’t leave this low hanging fruit for criminals to perpetrate fraud. By following a digital permissions policy, you limit the access of one compromised account on your entire system.
During the rest of International Fraud Awareness Week, we encourage everyone to take a look at what their organization can do differently to protect themselves and their employees against fraud more effectively. Contact TexasPGB for a thorough cybersecurity audit and implementation of digital strategies that can protect your systems. 
Let's Talk
Share this post with others:

Finding Your Process Automation Sweet Spot

19 Aug, 2021
When it comes to automating processes around your business, it can simultaneously seem like everything can be automated, and absolutely nothing can be automated. As with many other things, the real answer is somewhere in the middle but can be a bit challenging to put your finger on. These projects usually start when someone at the strategic level of the organization has decreed that “we are going to automate!” and either they personally go on the hunt for what to automate or they hand it off to someone on their team to go do the leg work and come back with “automation” (maybe in a nice box with a bow on it). Sound familiar?

Three Ways To Accelerate Report Modernization

17 Aug, 2021
Data is everywhere. You’ve got a lot to focus on and it can be hard to stay on top of what’s going on with your business. Report creation in Excel is often time-consuming and can quickly become a nightmare. Modernizing your reports and streamlining your process with PowerBI to get more reliable and consistent reporting across all of your systems can be a game changer for your business. Read on to learn about three key acceleration tactics that our team uses on every implementation that we facilitate.
Infographic: How to Save time and Money with Microsoft Teams

INFORGRAPHIC: Microsoft Teams Time Savings

By Patrick Boren 08 Feb, 2021
83% of knowledge workers require technology to work together. Microsoft Teams is a cloud-based collaboration and communication tool that lets workers share the right information to the right people all through one integrated platform. According to a Forrester report, The Total Economic Impact of Microsoft Teams, there are a variety of ways using Teams saves organizations time and money. Read and download the infographic to share here .
Top Features of the Power Automate App for Teams by Microsoft

Top Features of the new Power Automate App for Teams by Microsoft

By Patrick Boren 22 Jan, 2021
How to Get Started with the Power Automate app for Teams You can get started with Power Automate app in just 3 quick steps:  Click on the … in the left-hand corner of your teams browser Search for “Power Automate” Click on the Power Automate app icon and pin it to your left-hand Teams navigation panel
What Are Your TOP 3 Processes To Automate In 2021

What are Your Top 3 Processes to Automate in 2021?

By Patrick Boren 18 Jan, 2021
As mentioned, there are several options available for automating your business. One of our favorite low-code/no-code options is the Microsoft Power Platform. As a suite of 4 different tools, the Power Platform can automate routine tasks, customer support, data visualization, and more. A few highlights on the effectiveness of the Power Platform are:
Top Microsoft Solutions to Watch in 2021

Top Microsoft Solutions to Watch in 2021

By Patrick Boren 06 Jan, 2021
It is no secret that 2020 and the coronavirus pandemic altered the reality of doing business. These changes are showing little signs of letting up and a lot of the adjustments made to respond to a remote workforce may very well become a permanent feature in daily business operations. As business decision makers (BDMs) and IT decision makers (ITDMs) head into a new year it is important to keep an eye out for technology solutions that can further support these operational changes while increasing efficiency. This post briefly highlights the top 3 digital solutions we have our eyes on for 2021 and our Microsoft-based clients.
Video Webinar Introducing Microsoft 365 Dynamics Project Operations

Intro Video to Microsoft Dynamics 365 Project Operations

By Patrick Boren 31 Dec, 2020
In our latest video series, Patrick Boren, Principal Consultant at TexasPGB, introduces the newest addition to the Microsoft Project family, Microsoft Project Operations. In this video Patrick discusses: What challenges Project Operations aims to solve What is Project Operations and common use cases for the tool Who uses Project Operations Upcoming "Day in the Life" Sessions Watch the video or read the condensed transcript below.
Top Tips on How to Use Microsoft PowerBI to Avoid Data Overload

Power BI: Top Tips to Avoid Data Overload

By Patrick Boren 19 Nov, 2020
Having a wealth of data at your fingertips is great, but what happens when your data is so vast that it takes you years to make a key discovery? A friend of mine told me a story recently about an experience he had. His first company conducted a VP meeting every quarter – everyone scrambling to put together their presentations and make their case based on the data from Excel spreadsheets. Departments and information tended to be segmented into silos. While much of the data could be shared across the company, rarely was it compiled in a way to show how one area of the business could affect another.
Solution Design SharePoint vs Common Data Service

Solution Design: SharePoint vs Common Data Service

By Patrick Boren 12 Nov, 2020
If you are looking to migrate your data to Microsoft 365 there are two common methods to funnel your data - SharePoint or Common Data Service (CDS). SharePoint solutions take advantage of lists and libraries. Data is housed, originated, and manipulated entirely within the SharePoint platform. CDS solutions use both standard and custom entities to collect and house data that is then integrated across the Microsoft 365 platform. Below we will review a few ways each method is different and what you should look for before making a final decision for your data migration plan.
How managed service providers and technology consultants are different and why you need both

How MSPs and Technology Consultants are Different - And Why You Need Both.

By Patrick Boren 15 Sep, 2020
When it comes to technology, do you have a one-size-fits-all vendor? In today’s world of cost cutting, we see more and more organizations that end up missing out on huge technology opportunities by assuming a single vendor can and will do it all.  As a technology consulting firm, we’re frequently asked “aren’t you the same as my managed service provider (MSP)?” Fortunately, for those that ask, we’re able to shed light on how a Technology Consulting Firm varies from an MSP.
More Posts
Share by: