Fraud is an unpleasant topic; however, with its impact on the rise, business owners and consumers alike are faced with this growing threat. Often, when fraud is discussed, many of us think of the countless teams of external thieves and cybercriminals targeting businesses daily. However, did you know The 2018 Insider Threat Report claims 66% of organizations consider malicious insider attacks or accidental breaches a higher probability to occur than external attacks? Also, that a larger number of firms consider insider threat more damaging than external attacks?
Intentional Insider Threats
Simply put, they’re not wrong. Although external fraud attempts are relentless and of constant concern, there are also countless ways insider threat—both intentional and non-intentional—is of credible concern to business owners. “Unfortunately, employees of organizations have found a myriad of ways to defraud their employers,” said Tony Gales, Partner/CPA and acting Internet Security Manager at Rossi, LLP. “As a CPA firm, we partner with our clients to ensure there are proper controls in place to help prevent fraud before it even starts. Without safeguards in place, colleagues and vendors are going to do what they are allowed to do. If they [employees] anticipate an annual financial audit by an external firm, such as Rossi, then they’re less likely to even attempt fraudulent behavior.” He said it’s simply because they know someone is watching and will be caught.
Gales said that many business owners may not realize their CPAs offer many more services outside of the tax arena. Forensic CPA services offer comfort to business owners as there is then an objective third-party that can uncover most financial discrepancies that may be occurring. “For example, you never know if you have a disgruntled employee who may find a way to defraud the company or an accounts payable employee who is falsifying invoices,” said Gales. “It’s often a matter of resources, especially for smaller businesses, where the accounts payable person may also be the accounts receivable person.” It’s always important to stay vigilant.
First Bank’s Positive Pay, an effective and easy system, is designed to help you stay vigilant and defend against check and ACH fraud. Positive Pay detects fraudulent checks and ACH debits at the point of presentment and is then systematically cross-referenced with the information in the client’s First Bank file. It’s a purposeful tool in your arsenal in the fight against fraud. Read How Your Business is at Risk for Fraud (And What You Can Do About It) to learn more about the benefits of Positive Pay.
Non-Intentional Insider Threat
Of course, not all insider fraud attempts are malicious and intentional. Monitoring, educating, and limiting what employees and third-party vendors may access is a crucial first step in the fight against fraud. “You have to test your internal control systems and staff to see if your business is susceptible to threats like phishing,” he said. “If one of your employees opens the door and lets the “outside” into your internal networks, your client’s data, your employee’s data, and all of your sensitive financial information is at risk.”
Gales suggests regularly testing your employees and gauging their knowledge. Ongoing education and testing your risk level is necessary. Of course, you’ll also want to work with a trusted resource (internal or external) to ensure your systems are on point within your industry, are properly updated on a regular basis, and all employees are held to regular password changes and rules to help add additional layers of security to your internal controls.
Aside from ongoing education, proper system installation, software updates, and regular internal and external monitoring, First Bank can also offer assistance in the fight against fraud. Feel free to reach out to any of our trusted advisors at First Bank to discuss your unique business challenges or reach out to Tony Gales at Tony.Gales@rossillp.com for forensic CPA services or discuss his protocols for insider threat security management.