3 ways to reduce fraud risk in a changing cybercrime landscape
The COVID-19 pandemic has intensified the risk of fraud globally, and Hong Kong is no exception: criminals thrive on uncertainty and disruption, and the conditions of the pandemic provided an abundance of both. Companies accelerated digital transformation, work-from home arrangements, and online collaboration, sometimes leaving security loopholes that made staff vulnerable to fraudsters. Hong Kong police reported that cybercrime in the region surged two-fold in the first half of 2020 alone, transforming the fraud landscape.
These threats are nothing new: the spread of coronavirus has simply made them more prevalent, and hence more visible, both to the general public and senior management. It is well recognised that fraud attacks have a very large reputational and monetary impact. However, the range of fraud types and speed at which it spreads can make prevention seem like a daunting task. Here are three ways by which businesses can help protect themselves from fraud.
1. Stay on top of fraud risk with proactive testing
Criminals have responded with characteristic ruthlessness and speed to exploit COVID-19. Banks and financial institutions in particular are under attack from fraudsters – HSBC recently issued a statement to customers warning of the increase in phishing SMS scams and fraudulent websites.
When launching new products and services, risk analysis and evaluation is essential right from the planning stage. New online solutions are more susceptible to fraud with large ‘attack vectors’ that criminals can exploit. To address this companies must adopt a proactive approach, conducting controlled stress-testing to identify potential flaws and loopholes of new products and services.
2. Think like a criminal to stay one step ahead
Criminals are without qualms when it comes to exploiting others for their own gain. For their schemes to work, offenders ensure that they are flexible and act quickly as situations unfold. Hong Kong’s financial institutions are required by law to continuously monitor emerging fraud and cybersecurity threats and review vulnerabilities to their own infrastructure. Banks are also required to monitor any external providers they work with for vulnerabilities.
Learning how criminals behave and how they think is crucial: this helps anticipate and nullify new threats. Equally, unsuccessful criminal activity is often hugely informative in exposing popular methods and techniques that criminals adopt in different regions. Only by studying the behaviour of criminals can their ways of operating be understood and, ultimately, identified and prevented.
3. Embed zero tolerance for fraud in the corporate culture
Embedding a zero-tolerance approach to fraud should be a priority for senior management and an anti-fraud ethos should be part of a firm’s wider culture.
Positioning fraud beneath this broader umbrella underlines the danger it poses to everyone within a firm. For example, after a data breach in 2019, American bank Capital One’s stock dropped 5%. Fraud affects the whole business, and by educating staff with such examples, the threat of fraud becomes far more vivid; the damage fraud can do to a firm’s profit margins is an excellent way of conveying your message.
Using a company laptop for personal use, or vice versa, for example, is fraught with risk. IT control standards, including identity verification must be as robust as it would have been in the office. Information about risks must be circulated whilst staff adjust to remote working.
A holistic approach is key here: cybercrime must be brought under the financial crime compliance canopy, instead of just credit risk.
Get to grips with fraud
Learning and education is fundamental to overcoming the issues that confront firms in the fight against fraud; without it, none of the statements above can even begin to be addressed. On a senior management level, this can be as simple as setting up email alerts or absorbing the latest reports and publications.
Awareness of fraud risk and a preventive mindset need to come from the senior levels of an organisation. The surest way of engaging the wider workforce in the battle against fraud is to arm yourself with the facts on fraud, recent case studies, and actionable ‘quick wins’ for each member of staff on how to mitigate the threat. This learning must be continual; criminals are unceasing, persistent and sophisticated in their efforts, and firms must be unceasing, persistent and sophisticated in turn, to better equip them to navigate an ever-changing fraud landscape.
-- Contact us at [email protected]
-
Equip young people for the future Dr. Winnie Tang
In late February, the inaugural flight of an air taxi from Shenzhen Shekou Cruise Homeport to Zhuhai Jiuzhou Port took only 20 minutes with an estimated one-way ticket price of 200 to 300 yuan per
-
Are we raising a generation of leaders, or of followers? Brian YS Wong
The essence of education is defined not by the facts it imparts, but the potential knowledge it inspires students to individually pursue on their own. Put it this way – the ideal form of education
-
The urgent need for reforms to sex education in Hong Kong Sharon Chau
Nearly one in every four university students (23%) in Hong Kong has been sexually harassed, according to a 2019 report published by the Equal Opportunities Commission (EOC). A 2019 study found that
-
STEAM should be linked to real life Dr. Winnie Tang
In the 2017 Policy Address, STEM (science, technology, engineering and mathematics) education was proposed as one of the eight major directions to promote I&T development. Since then, funding has
-
Let trees speak for themselves Dr. Winnie Tang
I often say that smart cities start with smart planning, but smart planning presupposes adequate, systematic and up-to-date data. This is important not only for city administration, but also for tree