Business fraud is significantly more common occurrence than many distributors and manufacturers realize. Just because you don’t know about any instances of fraud hitting your organization doesn’t mean it hasn’t happened — it may just mean that you aren’t aware of it.
According to PriceWaterhouseCoopers’ (PwC) 2018 Global Economic Crime and Fraud Survey, nearly 50% of businesses globally report being victims of business fraud and economic crimes. Additionally, PwC reports that insiders perpetrate 52% of all fraud. Of those internal actors, senior management level employees represent 24% of them — an increase from 16% in 2016.
It is for these reasons, and others, that it’s imperative for distributors and manufacturers to stay vigilant and do develop an awareness of these crimes that can leave a business crippled.
What is Business Fraud?
Business fraud, also known as corporate fraud, is something that can hurt a business or its customers. Business fraud is described by the U.S. Federal Bureau of Investigation (FBI) as:
“dishonest and illegal activities perpetrated by individuals or companies in order to provide an advantageous financial outcome to those persons or establishments… These schemes often appear under the guise of legitimate business practices.”
Fraud in business is a growing issue and can come in a variety of different formats. For distributors, some types of fraud can include:
- Identity Theft: This occurs when employees or other malicious users steal the personally identifiable information (PII) of clients or employees.
- Payroll Fraud: This type of fraud can result when employees report fraudulent work hours, get colleagues to sign in for them, or even request cash advances that they never repay.
- CEO Fraud: This form of fraud occurs when a malicious actor infiltrates your organization’s digital communications pretending to be you or another senior-level executive to get employees to wire funds.
Different kinds of malicious actors — including hackers, your employees, or even your customers — can perpetrate these types of business frauds and economic crimes. So, as a distributor, what can you do to prevent fraud in business?
How Distributors Can Protect Themselves Against Fraud
In many cases, cybersecurity for distributors is the first and strongest line of defense for your organization in our increasingly digital and connected world. Some best practices for countering cyber threats include:
1. Limit User Access to Only What is Essential for Job Functions
If your business keeps a lot of paper records, the first thing you’ll want to do is ensure that they are safely and securely stored. Limiting employee access to sensitive information to only the individuals who actually need access to those files can help you to avoid some business fraud.
The same can be said for access to digital information and data. By creating a policy of least privilege (POLP), you’re ensuring that users only have access to the data they require to perform their jobs. Just because someone uses a computer to perform their job functions doesn’t mean that they need access to your entire computer system or network. Determine which types of access different job functions require and set those limitations on every employee’s account.
2. Ensure All Software & Cybersecurity Defenses Are Up to Date
It amazes me how something so simple is one of the most neglected aspects of cybersecurity for distributors. As a managed security service provider (MSSP) that has worked with Los Angeles distributors for more than 25 years, many of our clients came to us after experiencing business fraud, cyber attacks, or cyber threats against their distributor technology. And, in many cases, their issues could have been avoided easily by keeping their software patches and security updates up to date.
Having strong cybersecurity protection in place can help to keep your business’ sensitive data and the personally identifiable information of your employees and clients secure. This can include managed security systems that include:
- Managed intrusion detection & intrusion prevention services (IDS/IPS)
- Managed firewall and EDR
- Managed multifactor authentication (MFA) methods
3. Implement Employee Monitoring Systems to ID Fraudulent Activity
One of the most effective ways to prevent internal business fraud is to use monitoring systems that can help you track your employees. These can range from knowing when employees report to (and sign out of) work to using CCTV security cameras to track and monitor employees while at work to increase accountability.
4. Perform Regular Penetration Testing to Identify Security Gaps
Fraud in business can result from threats to your organization and clients that exist both inside and outside of your network. As such, you need to run running penetration tests (“pentests”) that try to find weaknesses or gaps in your security that could be leveraged by internal and external threats alike. These tests, which can be performed by your in-house team or an MSSP, should be performed regularly as well as when any changes are made to your network or IT infrastructure.
Armed with the results of your tests, you then can prioritize what needs to be fixed and what security gaps need to be addressed. Furthermore, this provides you with invaluable knowledge of areas of missing knowledge that can be used to train employees.
5. Train Employees to Recognize Dangers & Create “Human Firewall”
Cybersecurity training for employees at all levels is vital for virtually any business, including distributors and manufacturers. Every organization has some level of cybersecurity awareness training for its end-users — no matter whether that training at the “nonexistent” level or is completely fleshed out with comprehensive and documented processes.
Cybersecurity awareness training is a tremendous aid to your cybercrime prevention efforts because it helps employees become “cyber aware” and learn to recognize cyber threats and learn how to respond to them. These threats can include phishing scams, malware, CEO fraud and other forms of business email compromise (BEC). They essentially become your company’s human firewall by minimizing the human weaknesses that create gaps in your defenses. After all, your employees are not IT security experts and simply may be unaware of the many cyber threats that exist.
Business fraud for distributors is a serious matter and can cost your organization significant money and puts your clients’ trust in you at risk. The security experts at VC3 take these matters seriously and provide the best possible services to help our distributor clients minimize the potential dangers of small business fraud for their business through many of these cybercrime prevention methods.