The business landscape has changed drastically over the past several months as the world has struggled to combat and adapt to a global health crisis. Many organizations successfully pivoted their workforce to remote work, some even reporting increased productivity as a result.
While there may be some positive outcomes of this forced remote environment as companies reconsider their flexible work arrangements and dollars spent on office space, unintended consequences and risks may also emerge.
For example, even the smallest breakdown in normal risk management procedures or internal controls can lead to an increase of employee theft claims. Furthermore, with a global pandemic comes global economic uncertainty. Employees are worried about the potential for job loss, economic decline and negative effects on their personal finances. All of these factors also contribute to the likelihood of employee theft.
As we continue to navigate these unprecedented times, there are some key areas businesses can focus on to help mitigate the potential of employee crime.
When operations are changed quickly, regular procedures such as accounts payable and receivable and tracking inventory are disrupted. Below are some key factors to consider.
Paper Check. Many companies may require dual signatures on documents. If unable to adhere to in-person countersignature controls during this time, a new process should be established. Companies can contact their bank to develop an electronic process for issuing paper checks where necessary. This process would require a dual electronic sign-off through a secure portal before the paper check would actually be issued.
Wire Transfer. Ensuring that you are transferring money to the right client is critical. To make sure the appropriate controls are in place, multiple people should be included in the process to initiate and reconcile the transfers.
When entire workforces shift to remote, what happens to incoming mail, including checks and invoices? A process should be put in place that ensures the secure receipt of mail. If a new process is necessary, for example if the mailroom in a large office building is shut down or not staffed, a P.O. Box can be used to maintain security.
Monitoring Company Assets. Many companies are struggling to handle inventory and ensuring accurate accounting when existing controls and methods are no longer available. Modifications might be necessary to bridge the gap during this time.
Vendor/Client Controls. Vendor partners and clients are facing the same challenges. If a vendor is requesting changes to accommodate for their company situation, ensure they are legitimate to avoid any scams. Similarly, speak to clients about their internal controls as company information may be susceptible while in their systems.
Mike Henning, a broker at Risk Placement Services, agrees that procedural controls are vital when protecting a company against theft.
“It is important that company computer systems are programmed with electronic separation of duties with strict employee authorities and boundaries, dual authorizations and request confirmations all logged and captured,” Henning said. “With less physical employee interaction and oversight, systems have to be programed so employees aren’t able access and process anything over their authority.”
We are living through extraordinary times, and companies need to be mindful that their employees are having to handle pressures personally as well as professionally. Some of the key areas of concern include:
Technology and equipment
Shifting to remote work means employees, in all permutations of living situations, are relying on their own WiFi networks. Whether they live in a suburban home or in a large apartment or condo building, their network may not be as secure as when in the office. Network security should be a high priority at this time. Additionally, some employees may not have a home office or appropriate technological set-up for long-term remote work. Ensuring employees can work efficiently and comfortably from home is important for business continuity as well as the well-being of employees.
In addition to feeling as if they are not properly equipped with technology, many employees have families at home with them. With schools closed and children at home or remote-learning, employees are facing additional stressors while at work/home. This pressure, or perceived pressure, can lead to cutting corners or careless over-sight.
Many companies are operating with fewer people. Whether a result of coworkers out of work due to illness or acting as a caretaker for those that are, or pandemic related layoffs and operating with a “skeleton” crew, duties that used to be segregated may not be any longer.
Cybercrime and Social Engineering
In uncertain times, the last thing many of us think about is cybersecurity. Cyber criminals are taking advantage of the world’s distraction due to current events to create new ways of targeting the public and manipulating employees to gain access to company systems. According to Henning, “it is more important than ever to confirm requests coming to employees are legitimate because companies of all sizes are more vulnerable than ever to social engineering attack.”
As smaller businesses receive relief loans from the government, attacks on computer systems are increasing as criminals attempt to gain access to these funds. Companies must remain vigilant in monitoring their system. Some security best practices include the following:
Identify phishing scams. The coronavirus pandemic has led to a rise in email phishing scams. IT departments should provide information and training so employees understand how to verify that an e-mail is authentic. For example, sometimes email addresses are slightly modified to look legitimate. Employees should carefully check the “from” email address and domain. Some of the topics criminals are using to draw people into scams include:
- General pandemic terms or news, including alerts for breaking news and links to fake news websites.
- Requests for verification of personal information to receive financial relief such as loans or an economic stimulus check from the government.
- False shipping notifications.
- Unsolicited contact from medical professionals, government agencies, health organizations or any apparent authority figure.
- Infected infographics, maps and tracking apps.
- Advertisements for masks, hand sanitizers or any products that are in short supply, including fake testing kits and bogus cures and vaccines.
- Charitable contributions.
- Airline carrier and vacation refunds.
- Job opportunities.
Avoid Typosquatters. “Typosquatters” take advantage of common misspellings or slightly modify website addresses to re-direct people to malicious websites. If an employee identifies a suspicious email:
- Do not click on any links.
- Check the website spelling.
- Hover over a link to determine if it’s legitimate.
- Open a browser and hand type the website address.
Eventually, this pandemic will pass, and we will get back to some form of “normal.” When we do, it’s possible that we’ll have implemented alternate business procedures that we’ll choose to maintain moving forward, helping us to weather future possible events such as natural disasters, technology outages, travel interruptions and future pandemics.
No matter what disruptions may occur, if a company can remain vigilant in controlling internal procedures, stay mindful of the challenges their employees face and educate their workforce on emerging cybercrime trends, it will go a long way in preventing crime loss.
Was this article valuable?
Here are more articles you may enjoy.