We’ve talked so much about the recession in recent months that it’s hard to believe it’s still on the horizon and not in the rearview mirror. But most experts agree that we are sliding into an economy groggy right now – and be prepared for all the personal and business struggles that come with any economic downturn. Let’s discuss four ways businesses can reduce their risk of fraud during a recession.
Fraud spikes in any recession
Fraud spikes during a recession. As the recession begins or lingers, it will become increasingly difficult for you to get on with your life as before. The unemployment rate increased, people carried more debt and the price of basic necessities increased. Many people find it difficult to pay bills, keep food on the table, and generally stay on the water. As a result, the idea of making easy money through fraud or theft becomes more appealing to people who are struggling.
At the same time, businesses feel the downturn largely through a drop in demand for their product or service – which makes each sale harder than ever to secure.
As companies look to tighten spending, they inevitably have to analyze their tech stack. Anything backends gets sidelined when times are tough – including fraud prevention software. And in some cases, there is a temptation for businesses to shirk their usual security and privacy responsibilities in order to open up additional sales.
Online sellers make the conscious decision to dial in fraud prevention to maximize deals during peak shopping seasons like Black Friday and Cyber Monday.
Perfect Storm – Higher risk of cheating and reduced combat power
This combines to form a perfect storm of higher fraud risk and reduced resistance to it for businesses. Fraudsters are likely aware of the fact that companies will lower the security threshold and will seek to take advantage of that fact.
Fraud can attack from many directions, making it difficult for businesses to take their eyes off.
Potential access point for cybercriminals
In addition to fraud from external sources, the risk of internal fraud or third-party fraud (originating from a supplier or partner) also increases during a recession. The management and integration tools installed at enterprises over the past decade to increase efficiency and speed up workflow across an entire company may not be secure. The parties connected to each new resource, exacerbated by Covid’s need to work from home, are also potential entry points for cybercriminals to commit fraud.
A company that is highly connected will be productive – but it also has more areas to be safe.
Four potential frauds that lead to a company’s face in any recession
Let’s look at four potential fraud paths a company can encounter during any recession, as well as tactics to cut out the bad guys before they have a chance to damage the business.
1. Insider Threats
Employees are working faster to try and hustle, missing out on things they usually do like fraud done through phishing and other email methods, made even more difficult by working conditions from far away.
The stress and heightened expectations that must be exercised to offset an economic downturn can cause disgruntled employees for not doing their best to keep the company safe.
Security can become lax due to fewer resources or through an attempt to attract more customers by passing security checks. Fraudsters will work overtime to take advantage of any vulnerabilities that are evident through lowered security thresholds.
Security Awareness – Authentication and Firewall
Prioritize regular security awareness and training, and only give employees access to the systems and information they need to get the job done.
Start with employee onboarding to ensure that there is enough awareness to keep your company and systems safe. This effort will help keep those vulnerabilities from appearing and reduce the risk of costly and human error.
Applying a no-trust access policy and implementing persistent authentication within the corporate firewall can also help prevent phishing activities.
2. Change of personnel
Employee leave is the essence of the business, but the fraud risks associated with these leaves are real, especially if the cause of the employee’s departure is due to a reduction in the workforce.
Change the password on the system (including your office door)
If a password doesn’t change, such as after an employee leaves, the data hidden behind that password could be compromised. One study showed that 49% of employees are logged in to a work account after leaving location. All accounts and systems will be inaccessible by the time the employee leaves – on that day. It’s someone’s job to handle this part of your activity.
Internal fraud is a real thing, but it’s even more likely to happen after employees leave the company — especially if they’ve been terminated or haven’t left on the best terms. .
Remember – the difference between an employee “going to find where they shouldn’t go” and “selling your data” is not as broad as many people think.
Offline plans and responsibilities
Make sure you have an “introduction” plan in place to ensure your company stays protected when employees leave. Remove access to all important documents, disable email inboxes, revoke logins and accounts for all potential connected devices.
Make a checklist for what needs to be done in each introductory situation and make sure to complete each item. If there is a wave of layoffs, that checklist will be especially helpful.
It’s easy to miss a small step for one of those individuals that can have significant ramifications.
3. Fraudulent account and login
When it comes to employee account security, there are plenty of options. However, when selling to customers, they cannot reasonably be subjected to such stringent security restrictions without a direct impact on profitability.
Fake accounts, hacked accounts, application fraud, and synthetic identities are all used to scam companies right from the point of access normally issued to legitimate customers.
Many businesses that sell on their websites or apps use multiple security checkpoints like multi-factor authentication (MFA) to make sure people are what they say they are, but this has the side effect of providing a great experience. unpleasant experience for the vast majority of users. Is it legal to simply buy from a business.
Can your business identify its network?
Interacting with a real-time identity network allows companies to better identify their visitors – businesses can verify identity once and then keep roadblocks hidden for the rest of that session . But of course, some fraudulent activities have legitimate aspects to them; even a properly set up account can be used for nefarious purposes.
Identity networks allow companies that connect to their networks to receive warnings about sketchy behavior even before a new user arrives to do anything on their website or app.
With real-time user data, collected (and then anonymized) from all sources — more and more as IoT connects devices to create a more complete picture of a person’s activities — security can remain high without making the user experience bad for the average user.
4. Supplier-based risk
Just as a departing employee represents a risk that needs to be addressed before it gets out of your control, ending a supplier relationship can create problems if there are shortfalls. security flaws.
Even if the relationship is solid and ongoing, inter-company connectivity means that there will be a number of individuals at the supplier who have access to your company’s information. Unless you have safeguards in place, there’s not much you can do to control their actions.
Negotiate with suppliers early in the relationship to retain more control over what’s shared to maximize your protection.
For existing providers, notify this during contract renewal. And just like with employees, make sure your internal team members have a plan in place for when supplier relationships end to ensure that there are no loose ends or security gaps. Confidentiality increases the risk of fraud from supplier contacts.
A recession need not be a field day for scammers. By applying security practices around current and departing employees, identifying your web and application customers, and sticking with vendors to prevent vulnerabilities from being exposed, businesses can avoid an easy payday for the new criminals out there.
There will still be a recession to face, so one less thing to worry about – especially something as big as fraud at your expense – would be a welcome situation for businesses. .
Featured image credit: Tima Miroshnichenko; Bark; Thank you!