Companies Fear Scammers Will Exploit Staff at Work

Nearly two-thirds (63%) of decision makers in large UK businesses are worried that employees will be targeted by fraudsters, with 50% of respondents fearing staff could become an ‘insider threat’, according to research from fraud prevention service Cifas.

The survey suggests that leaders in charge of staff training are increasingly worried about the impact fraud could have on their organisations.

Cifas warns that employees can be an attractive target for criminals who use different tactics to exploit their position and engineer a direct route into an organisation. Examples include phishing emails and fake documents to trick staff into downloading malicious software onto their system, and rushing through payments before they have been properly checked.

Some fraudsters are also known to approach workers either in-person or online, promising cash in exchange for sensitive company information. The increase in hybrid and remote working also continues to pose challenges to businesses trying to reduce the threat from staff who are willing to put their companies at risk and abuse their positions.

Rachael Tiffen, director of learning at Cifas, said: “Many organisations are fearful employees will become embroiled in the insidious world of fraud. When your workforce is your first line of defence, businesses must have robust procedures and policies in place to ensure security is not compromised and colleagues and customers are kept safe.

“Building counter-fraud skills and developing an anti-fraud culture can help to further protect businesses, ensure employees understand the dangers of criminal approaches or insider risks, and encourage workforces to report suspicious activity.”

Cifas recommends eight steps organisations can take to improve internal controls to detect and prevent fraud:

1. Run fraud risk assessments to consistently review gaps and ensure vulnerabilities are remedied at the earliest opportunity.
2. Implement counter-fraud measures that improve business safety, such as having a robust code of conduct and procedures and policies in place that cover device and data security.
3. Invest in technology that enhances security controls on equipment, for example multifactor authentication and facial recognition.
4. Roll-out proper vetting checks through an employee’s entire lifecycle and screen regularly – regardless of their job title.
5. Provide specialist training consistently so employees continue to develop counter-fraud knowledge and upskill in how to spot and report signs of dishonest conduct.
6. Create accessible ways for staff to escalate concerns confidentially such as through their managers and/or via a whistleblowing service.
7. Be aware of any unusual patterns among staff. For example, are they now exhibiting a lifestyle that contradicts their salary? Are they suddenly disgruntled and/or reluctant to adhere to organisational controls? Look out for signs of behaviour changes.
8. Prioritise employee welfare. When staff know support is available, that can often be the difference between them seeking help or feeling they have no other option but to be dishonest.

“Building counter-fraud skills and developing an anti-fraud culture can help to further protect businesses, ensure employees understand the dangers of criminal approaches or insider risks, and encourage workforces to report suspicious activity.”

Rachael Tiffen, Director of Learning at Cifas