As more companies announce transitions to permanent remote and hybrid-work policies, safeguarding sensitive data and mitigating the risk of fraud are critical issues–especially as technology plays a bigger role in how, when and where work is done.
This is especially true for the fast-growing middle market sector, which holds trillions in revenue and carries high risk of being targeted by or falling victim to fraud.
While financial leaders wear many hats, security must be one of them.
When planning for 2022 and beyond, here is what financial executives need to know to protect their company, reduce vulnerabilities and educate their full organization about best practices.
Fraud Catching Fire
Fraud is, undeniably, as old as business itself – and is not just here to stay, but on the rise.
PwC reports 35% of U.S. companies reported experiencing fraud in 2009, compared to 56% who did in 2020. The pandemic also proved fertile ground for fraud: the Association of Certified Fraud Examiners reports that 79% of anti-fraud professionals saw an increase in fraud last year. There’s no end in sight: 71% expect fraud levels to further increase in the near future.
What’s driving the increased risk? Societal and economic change. The reality is that digitization and flexible work are the future, but the sudden transitions also created new processes without adequate controls and oversight. In addition, commerce shifting online and an uneven economic recovery has created both means and motive for would-be fraudsters.
Issues of transparency, reliability and dependability are hot-buttons for all companies at the moment—and a single issue can carry more weight than anticipated if it damages consumers’ or clients’ trust in an organization. Because financial executives tend to oversee risk, reputation management and internal controls, preventing fraud must be top of mind.
Finance’s Role in the Fight
As financial executives feel out their role in preventing fraud, the #1 priority on their list should be to get prepared. According to McKinsey, although 75% of experts consider cybersecurity to be a top priority, only 16% say their companies are well-prepared to deal with cyber risks. Understandably, executives are overwhelmed by the mounting challenges – but preparing now can prevent future headaches, financial loss and rogue or unintentional risk behavior from employees:
- Take Stock – Think of all your critical financial and accounting processes, people and tools like a supply chain. Each link is both essential and a potential issue if something isn’t working. Document areas that could be optimized, automated, or made more secure. Key questions to consider include: Where are humans most involved? Who has a business need to access customer data? What are they potential human errors that could happen? What do the controls look like? Where were our top threats last year, and what threats are emerging?
- Implement Best Practices, Starting at the Top – From your office, then throughout the organization, ensure that all team members are trained on the best practices while WFH, including how to secure devices and networks, utilize multi-factor authentication and detect phishing scams. Once you know what processes still live on paper, create secure online systems for processes that can be digitized. Securing data on the cloud is essential to add protections for the transfer and storage of documents that contain sensitive information, such as social security numbers, bank account information and credit card details. From there, take a hard look at passwords and login protocols. The truth is online bots can crack passwords and test stolen credentials in a short time, and therefore multi-factor authentication is critical.
- Advocate for Ongoing Education – Most companies conduct annual training in key areas like security and harassment, but it’s not enough. Instead, finance leaders should invest and advocate for ongoing education and resource availability for employees to ensure they are up to date on the newest threats and regularly tested to ensure they can identify phishing attempts, prevent errors and safeguard their (and the company’s!) information. Leverage industry research and outside security and fraud advisors, when possible, to stay on the pulse of emerging threats and train the company on defenses in advance–before the trojan horse is rolled through the city gates.
Focus on the Future
In addition to staying on top of emerging threats, finance leaders should also watch for emerging technology and systems that can help in the battle against fraud.
For example, consider implementing AI systems that can scan for mistakes, such as duplicate payment, fraud and human error. The reality is that even if all your employees are altruistic, you can’t control for mistakes which remain a major contributor payment processing issues. A recent EY survey found that 53% of finance leaders believe that more than half of finance tasks currently handled by people could be performed by AI over the next three years. But it’s not about a mass exodus of your team. Rather, a refocus for your team to spend time on the right areas at the right time. And during a time when hiring is difficult, AI and automation can take care of the mundane tasks that are not great for employee satisfaction in the first place.
Kick the tires on your current technology too, and if needed, look for solutions that set permissions by user for digital payments in order to limit access to bank accounts and significantly reduce chances of fraud. If you don’t already have a paperless paper trail for transactions and processes, the time is now to make a change. Cloud-based solutions can automatically create audit-ready trails that contain this critical information, so you can quickly assess who was involved, what questions were asked, and more.
Being able to track the steps of your AP and other key processes to identify and isolate any instances of the fraud will help protect both the company and its individual employees, eliminating guesswork or baseless finger-pointing.
Finance leaders are by no means alone in fighting fraud, but with the right technology, processes and trained people, they can lead the charge to a more secure future.
Vinay Pai is Senior Vice President of Engineering at Bill.com.