Unlike some legitimate businesses, organized crime enterprises can be expected to weather the current COVID-19 crisis. In fact, with millions of Americans now working from home, organized crime-related cyber fraud — including phishing schemes and ransomware attacks — has grown exponentially. If you have not done so recently, it is important to review and possibly upgrade your company’s cybersecurity plan now. Also ask yourself, how else can you protect your business and employees?
To adapt to the new environment, many companies are making changes to their business models. If you are in the process of pivoting, be sure to factor in potential fraud. View your company through the eyes of a criminal. This means that for each proposed change, you should map out processes and procedures and look for control gaps. For example, if you have a retail store and plan to implement a curbside pickup program, consider how a criminal might exploit your program and defraud your business.
If you uncover gaps in your defenses, prioritize which weaknesses to address. Most budgets are tight these days, so you might simply add supplemental controls. Using the previous example, suppose that employees currently can deliver products to curbside customers without first verifying payment. This puts your business at risk both from outside criminals and unethical employees. Instead, require employees to verify payment with a manager before they remove items from inventory. Or, assign two employees to the process: one to verify payment and the other to hand the product to the customer.
Do not overlook the role employees can play in preventing and detecting fraud. Organized crime often seeks to collude with employees. So, make employees aware that they could be contacted by criminals online or in person and encourage them to notify their managers if someone takes a suspicious interest in their job or the business. Also, educate employees about the type of fraud threats that your organization faces and the controls you have implemented to address such threats.
Education should extend to owners and management. In addition, consider monitoring the business press and checking in occasionally on the FTC’s and FBI’s websites for news on the latest fraud schemes targeting businesses. Crime syndicates tend to be agile and change their methods frequently to keep targets off-guard.
Criminals, particularly organized networks, know how to capitalize on social and financial disruption and uncertainty. Your business needs to be alert to potential fraud, particularly if you are in the process of updating your business model. The best defense aligns your organization’s people, processes, and technology in a way that enables early detection and prevention. Contact us for assistance. We can conduct a risk assessment of your organization and help you implement the latest, most effective controls.