Four Ways to Mitigate Fraud Risk During a Recession
We’ve talked so much about recession in recent months that it’s hard to believe it’s still on the horizon and not in the rearview mirror. But most experts agree that we’re sliding into an economic lurch right now — and need to prepare for all the struggles for individuals and businesses that come with any backward slide in the economy. Let’s discuss four ways businesses can mitigate fraud risk during times of recession.
Fraud Spikes During Any Recession
Fraud spikes during times of recession. When an economic downturn begins or drags on, it gets harder and harder to continue your lives as you have before. Unemployment rises, people take on more debt, and the price of necessities inflates. It’s harder for many to pay bills, keep food on the table, and generally stay above water. As a result, the idea of easy money via fraud or theft becomes more enticing to those struggling.
At the same time, businesses feel the recession largely through a decrease in demand for their product or service — which makes each sale harder to secure than ever.
As companies look to tighten their spending, they inevitably analyze their tech stack. Anything ancillary gets put to the wayside when times are tough — including fraud prevention software. And in some cases, there’s a temptation for businesses to shirk normal security and privacy responsibilities to usher in additional sales.
Online merchants make a conscious decision to dial back fraud prevention to maximize transactions during peak buying seasons such as Black Friday and Cyber Monday.
The Perfect Storm — Higher Fraud Risk and Reduced Fighting Power
This combines to form a perfect storm of higher fraud risk and reduced capabilities for businesses to combat it. Fraudsters are likely aware of the fact that companies will have lowered security thresholds and will be looking to take advantage of that fact.
Fraud can attack from multiple directions, making it difficult for businesses to keep their eye on the proverbial ball.
Potential Entry Points for Cybercriminals
In addition to fraud from external sources, the risk of internal fraud or third-party fraud (originating from a vendor or partner) also increases during a recession. Management and integration tools installed at businesses in the last decade to increase efficiency and speed up workflow both within a company may not have been secured. Parties connected to each new resource, exacerbated by Covid work-from-home necessity, are also potential entry points for cybercriminals to perpetrate fraud.
A highly interconnected company is efficient — but it also has more area to secure.
Four Potential Fraud Avenues a Company FaceS During Any Recession
Let’s look at four potential fraud avenues a company might face during any recession, as well as tactics to cut bad actors off before they have the chance to damage the business.
1. Internal Threats
Employees are working faster to try and hustle, missing things they’d normally catch like fraud perpetrated through phishing and other email methods, made even harder due to remote working conditions.
Stress and heightened expectations to perform to make up for the economic downturn might make for disgruntled employees that aren’t doing their utmost to keep the company secure.
Security can become lax as a result of fewer resources or through attempts to woo more customers by skirting security checks. Fraudsters will be working overtime to take advantage of any holes made apparent through lowered security thresholds.
Security Awareness — Authentication and Firewall
Prioritizing regular security awareness and training and only give employees access to systems and information they need to get the job done.
Begin with employee onboarding to ensure that there is enough awareness to keep your company and your systems safe. This effort will help keep those vulnerabilities from surfacing and reduce the chance that human error winds up being costly.
Employ a zero trust access policy and implementing continuous authentication within the company’s firewall can also help prevent rogue activities.
2. Staffing Changes
Employees leaving is the nature of business, but the fraud risk associated with these exits is real, especially if the cause of the employee’s departure is a reduction in force.
Password Changes on Systems (Including Your Office Door)
If passwords don’t change, for example, after an employee leaves, the data hidden behind that password may be compromised. A study found that 49% of employees have logged into a work account after leaving the position. All accounts and systems should become inaccessible the moment an employee leaves — that day. It should be someone’s job to handle this part of your operations.
Insider fraud is a real thing, but it becomes even more likely after the employee leaves the company—especially if they were terminated or did not leave on the best terms.
Remember — the difference between an employee “poking around where they shouldn’t be” and “selling your data” is not as wide as many think.
Offboarding Plans and Responsibilities
Make sure you have an “offboarding” plan in place to ensure your company stays protected as employees exit. Remove access to all crucial documents, disable email inboxes, revoke credentials, and account for all potentially connected devices.
Make a checklist for what needs to be done in each offboarding scenario, and make sure each item is completed. If there’s a wave of layoffs, that checklist will be especially handy.
It’s easy to miss one small step for one of the individuals that could have significant ramifications.
3. Account and Login Fraud
When it comes to securing employee accounts, there are many options. However, when it comes to selling to customers, they cannot be reasonably subjected to the same stringent security restrictions without there being a direct impact on the bottom line.
Dummy accounts, hacked accounts, application fraud, and synthetic identities are all used in defrauding companies from the very point of access normally given to legitimate customers.
Many businesses that sell on their websites or apps use multiple security checkpoints like multi-factor authentication (MFA) to make sure people are who they say they are, but this has the side effect of providing an irritating experience for the vast majority of users that are there legitimately, to simply buy from a business.
Can Your Business Identify its Network?
Engaging with a real-time identity network allows companies to better identify their visitors – businesses can verify an identity once and then keep the roadblocks out of the way the rest of that session. But of course, some fraudulent activities have legitimate aspects to them; even an account set up the right way might be used for nefarious purposes.
Identity networks allow companies hooked into their network to receive a warning on sketchy behavior even before the newly arrived user has done anything on their site or app.
With real-time user data, collected (and then anonymized) from all sorts of sources—more and more as the IoT connects devices to make a more encompassing picture of a person’s activities—security can remain high without making user experience miserable for the average user.
4. Vendor-Based Risks
Just like an outgoing employee represents a risk that needs to be addressed before it gets out of your control, the end of a vendor relationship can create problems if there are security shortcomings.
Even when the relationship is solid and ongoing, the connection between companies means that there will be some number of individuals at a vendor that has access to your company’s information. Unless you have safeguards in place, there’s not much you can do to control their actions.
Negotiate with vendors from the beginning of a relationship to retain as much control over what is shared to maximize your protection.
For vendors already in place, bring this up during contract renewals. And just like with employees, make sure that your internal team members have a plan in place when vendor relationships end to ensure that there aren’t loose ends or gaps in security that add fraud risk from a vendor contact.
The recession doesn’t need to be a field day for fraudsters. By putting in place security practices around current and outgoing employees, identifying your web and app customers, and staying engaged with vendors to prevent vulnerabilities from being exposed, businesses can keep from being an easy payday for the new would-be criminals out there.
There will still be a recession to contend with, so one less thing to worry about — especially a big thing like fraud at your expense — will be a welcome situation for businesses.
Featured Image Credit: Tima Miroshnichenko; Pexels; Thank you!