Economic upheaval brings with it the increased risk of fraud.
Heightened anxiety may cause employees to forget security procedures or overlook discrepancies. With the massive increase in telework, cybersecurity efforts are stretched thin: staff is connecting to different, possibly insecure, networks or using personal computers for professional tasks. Companies that have not previously built out a safe “work from home” IT plan are especially vulnerable.
The pandemic is a perfect storm of vulnerability to fraud that can have devastating consequences for your business.
It’s no surprise that scammers understand and exploit this vulnerability. According to the Association of Certified Fraud Examiners (ACFE), fraudsters are seizing this opportunity in a number of ways. The organization offers these tips to help keep your company secure:
Don’t click. Scammers are clever. They design emails and web pages to look legitimate. The problem is, clicking a link, downloading a file, or cutting and pasting a URL can be a criminal’s way into your network. Even “known” sources can be spoofed by clever hackers.
Confirm the source before you click or download—a quick phone call using a number you know to be legitimate will let you know whether the email came from an approved source.
Check execs. One of the newer types of scams involves a hacker posing as the CEO or executive of a company. The hacker will contact an employee by email or text and instruct the employee to make an urgent wire transfer or arrange another type of financial exchange. The request looks legitimate because the hacker “spoofs” the executive’s email or phone number.
Many employees have never heard of this type of scam, so educating them is a good start. Remind colleagues to check all requests with a phone call, fresh email thread, or newly initiated text before taking any action. Do not reply to what you received.
Verify “official” requests. The IRS doesn’t call companies asking for employees’ personally identifiable information (PII) such as Social Security numbers. Banks, credit unions, and government entities don’t text asking for your passwords. No third parties should be contacting your employees seeking information “required” to get stimulus money or tax refunds. No legitimate charity wants to be paid in gift cards.
Under normal circumstances, employees might not fall for these scams. But if they’re working remotely or feeling particularly busy or stressed, they might not be paying close attention.
Know your suppliers. As companies reopen, many are being approached by unknown vendors selling high-demand products such as sanitizer, masks, and other protective gear. Some are even promoting fake cures or treatments for COVID-19.
Stick with vendors you know and trust. They will charge you fairly, deliver what you ordered in a timely manner, and appreciate your loyalty.
Retrain and Remind
All the software and procedures in the world can’t secure your business if they’re not utilized properly by your team. Now is a great time to ensure everyone is following the proper protocols. A conference call and/or screenshare can serve as a friendly reminder that everyone needs to be vigilant.
Dembo Jones’ team of Certified Fraud Examiners is available to evaluate your company’s risk and offer a comprehensive plan of action before (or after) fraud strikes.