Combatting fraud: Prevention, detection and recovery
Fraud can have widespread repercussions across various areas of any organisation. Those affected by fraudulent activities may face regulatory penalties, financial losses, harm to the company’s reputation, and potential compensation claims. Threats can come from a variety of sources, including your own employees.
During our recent webinar, a panel of and cyber security experts were joined by Kingsley Napley partner Richard Clayman, who specialises in dispute resolution. Together they addressed the steps organisations need to take to prevent, detect, and react to fraudulent activity. Their top tips to take away are detailed below.
Top tips for combatting fraud
- The impact of fraud, and the need to prevent it, is no longer measured purely from a victim perspective, but also in terms of the requirement to take active steps to ensure it does not happen within your organisation.
- The critical step for preventing fraud is to gain an understanding of where the weaknesses are in your business. Analyse your business’s three spheres: third parties; employees; management.
- Have a tailor-made fraud identification and response plan for your business, which is clear, accessible, and can be implemented quickly.
- Focus on employee security awareness, for example, identifying potential e-mail or phone scams, looking after their user account credentials, and knowing what to do and who to tell if they spot something suspicious.
- Make sure to implement basic cyber hygiene measures within your organisation, using frameworks such as the UK’s Cyber Essentials Scheme, the UK NCSC’s 10 Steps to Cyber Security or ISO/IEC 27001 as a guide to where to focus.
- When you review your business processes for fraud risk, consider their dependency on IT systems and how these systems could potentially be abused to perpetrate fraud.
- The impact of fraud is not limited to the funds which have been misappropriated. There are significant tax implications, immediate loss of knowledge from the departing perpetrator, company reputation management issues and possible impact on client relationships and services.
- Companies need strong internal controls, such as segregation of duties, suitable authorisation levels and controls over passwords and security codes.
- Having a good level of professional scepticism and awareness of the types of fraud can be key to detecting fraud at an early stage or preventing it entirely.