How Businesses Can Mitigate Evolving Cyber Security and Fraud Risks
Single Sign On (SSO) technology, the ability to remote wipe commercially sensitive data from stolen employee laptops, and using AI to automate expense claims can help companies increase security amidst a hybrid workforce.
Fraudsters and cyber criminals are quick to spot and seize opportunities during economic and social upheaval.
It’s no surprise then that cyber security challenges post pandemic are on the rise as fraudsters try profit from recent events. Research published earlier this year found that more than half of UK businesses believe their exposure to cyber attacks has increased due to working from home arrangements during the pandemic. In separate research, eight in ten (84%) mid-sized businesses in the UK experienced fraud in 2021 and more than a third (37%) of UK companies reported an increase on the previous year.
What are the cyber security challenges and risks and how can companies deal with rising cyber attacks and fraud?
The risks will vary according to the type of business and its industry - from SMBs to large businesses. However, the three main types of risk are centred on confidentiality, integrity and availability. Let’s cover the top cyber security risks and how you can protect your business.
Risk One: Securing the Hybrid Workforce
We all know that work patterns have changed dramatically in the wake of the pandemic. When and where employees work has shifted as traditional nine-to-five office hours have blurred into a flexible working day, including evenings and sometimes weekends.
One of the warning signs for potential fraud or a cyber attack used to be an employee trying to access a company network or financial or customer data on an IT system in the early hours of the morning or during the weekend. That may still be a red flag, but company software, especially systems that verify the identity of employees and allow them access to the company network, now must adjust to new working patterns.
A growing number of companies, including many of our customers, are using single sign on technology to allow employees to securely access multiple applications using one set of sign-in credentials.
With SSO, companies can reduce password overload (employees no longer need to remember dozens of passwords), manage access and security (IT can easily control which applications users can and can’t access and at what level).
Risk Two: The Proliferation of Mobile Work Devices
The boom in home and remote working has accelerated another pre-pandemic trend: employees using their own smartphones, tablets and other devices to access work IT systems.
An increase in the number of devices used by employees will inevitably increase the risk of lost and stolen devices − last seen in cafes, pubs and trains − or compromised by a cyber attack.
If an employee loses their device or has it stolen, being able to remotely wipe commercially sensitive data from the device, such as financial data and customer details, can be useful damage limitation.
Check whether your business software supplier includes this feature and whether it is regularly audited for compliance with global standards for security, including ISO 27001 (IT security management) and BS10012:2017 (a privacy standard).
Risk Three: Duty of Care − Protecting Your Staff
We all know that a company’s number one asset is its employees. Any time an employee travels for work, there’s a risk that something could go wrong. As a business leader, it’s your moral and legal obligation to ensure that every employee stays as safe as possible on the go.
Employers can use duty-of-care software platforms and apps to track employees’ location when on business trips, assess geo-political and other risks to employees, and provide them with real-time safety alerts and tips.
We use this technology ourselves at SAP Concur, and a recent scenario springs to mind. During our 2020 annual sales and marketing conference in Seattle, there was a shooting incident one block from our conference building. We used duty-of-care software provided by our technology partner to send all employees an instant phone alert warning them to avoid the area, while checking that everyone was safe and accounted for.
Risk Four: Mitigating Fraud Threats
Our recent research found that employees think it’s acceptable to knowingly submit a fraudulent or false claim of up to £109/€128 for various reasons. When you extrapolate this across the number of employees in an organisation, you begin to realise how such attitudes could significantly impact your business’s bottom line.
When almost half of employees think it's acceptable to over-expense or ignore company expense policies on a yearly basis, it's time to take expense fraud more seriously.
By implementing automated, digital tools, organisations can avoid mistakes, make life easier for finance teams and employees, and stop fraud in its tracks. Technologies including artificial intelligence, are being incorporated into expenses software, further increasing its efficiency. Of course, technology is only part of the answer. It’s also important to educate your staff about not just what expenses claims are acceptable, but also how to spot a possible fraudulent claim.
Risk Five: Increasing IT Availability
An increasing number of companies are migrating their IT systems from on-premise to the cloud. In addition to the usual due diligence of checking that your supplier has robust security, privacy and data back-up safeguards, and that any data is also encrypted and secured when it will be in transit from your old to new IT systems.
Cyber security has long been an essential part of company spending. The surge in hybrid working and online business during the past two years has underscored the importance of robust and flexible security. Many of our customers are increasing spending on some parts of cyber security. With a new cyber-security breach in business reported each week or month, companies cannot afford to be the latest poster child of lax security.
See this infographic for a list of 6 things to help you prepare so that you can improve compliance and fraud identification, and let your people focus on solving problems instead of finding them.