Callcredit Blog

Combating the insider Fraudonomics threat: Blog series 1/4 – Create a culture of awareness

Fraud & Verification

It’s a fact: employees are the biggest fraud threat to businesses in the UK – over half of internal breaches are carried out by insiders. As the threat landscape develops and trends like the gig economy take off, security and fraud professionals are facing a fresh set of challenges in their efforts to protect their organisations. So what can companies do to mitigate this insider threat? And what could a post-breach plan include?

Over the next four days I will explore this through a series of blogs looking at how to create a culture of awareness, how you can use technology to your advantage, how to get ahead and stay ahead and why an effective post-breach plan is needed.

  1. Don’t confine cyber knowledge to the IT department, share the knowledge with your entire workforce
    Organisations are only as strong as their weakest link, and it’s no longer acceptable for cyber knowledge to be confined to the IT department – the entire workforce should understand what the vulnerabilities are in order to prevent them. Last year, we conducted research amongst 200 UK-based fraud and risk professionals for our Fraud Insights report, finding that 85% of organisations are urgently looking to create a more ‘fraud aware’ culture, although one in five also identified this as the hardest priority to address. Some organisations are taking steps to improve employee knowledge, for example by setting up regular security-awareness training to ensure that employees know how to use internal authentication correctly and understand the difference between a secure password and one that could be easily bypassed.
  2. Keep up with the latest cyber security training
    Businesses could also consider taking part in the Government’s Cyber Essentials Scheme, a free program designed to educate companies on how to maintain good cyber hygiene, as well as providing guidance for employees on the common pitfalls and tactics used by hackers. Given that 28% of organisations cite a lack of employee knowledge or education as the biggest obstacle to fraud prevention, this is an option well worth exploring.
  3. Keep access to sensitive customer files limited
    In addition, as part of a company’s records management policy, only people who absolutely need it should have access to sensitive customer files, whether paper or electronic. It may sound basic, but it’s important to keep confidential files in a centralised location and under lock and key. For employees who need to access the corporate network while travelling or working from home, ensure that their laptop offers secure VPN access.

My next blog will look at using technology to your advantage and discuss new technologies such as biometric authentication.

If you would like to find out more about the insider threat and fraud risks facing organisations, you can download our Fraud and Risk Report or visit our Fraudonomics page.

 

 

Author: John Cannon, Commercial Director, Fraud & ID

 
