The internet has made many aspects of our daily lives easier as consumers. We can order groceries online, rent a car, order medication, and even transfer money – all without talking to a single person or leaving the house.
We pay for this convenience, unfortunately, when the platforms we use don’t do their due diligence to protect users and their information. This happens in the form of fraudsters and bad actors who target different services in order to gain access to a business’s or consumer’s financial information.
While there are many different solutions designed to help deter and protect against fraud, fraudsters have continued to become more savvy in how they target businesses and their users. In fact, a recent PwC survey found that the percentage of fraud committed by external perpetrators has increased – accounting for 43% of the most debilitating self-reported attacks against businesses.
When successful, fraudsters, of course, don’t just steal money – they also harm a business’s reputation and can turn away potential customers, making it difficult to recover from the attack.
With this in mind, it’s important to understand the most common types of external bad actors that affect most businesses so you can better protect yourself against these attacks.
Hackers and organized crime
According to PwC, the most common external fraud that affects businesses is committed by hackers and organized crime rings, and the number of attacks committed by these groups has only continued to rise.
Hackers and organized crime syndicates can be particularly dangerous for businesses to contend with because they tend to have a lot of time and people at their disposal. This means that they can continue to attack your network and internal systems until they’re successful.
However, hackers don’t need to rely on brute force alone to gain access to financial information. They can also leverage social engineering, which is when someone – typically an employee – is manipulated into doing something or providing confidential information. For example, a hacker could spoof your CEO’s email address and send an email to the VP of Finance, requesting information about accounts. If the VP of Finance doesn’t catch that the email is fraudulent, they could mistakenly share that information with the hacker, giving them access.
Training employees about social engineering has become especially important as more and more businesses turn to remote work. Without an in-person network, some remote employees won’t message a coworker or superior to confirm a request before completing the action asked by a hacker.
According to a survey by Varonis, employees have access to, on average, 11 million files. Of the files that employees have access to, 17% of all files containing sensitive information are accessible to all employees. On top of that, 60% of companies have over 500 accounts with non-expiring passwords.
All of this is to say that it isn’t difficult for a current or even former employee to gain access to sensitive information to share with an external threat – whether a competitor or hacker – and defraud a business. Companies largely don’t make fraud deterrence and security a priority, and tend to only spend the money on training when legally required through compliance regulations.
When it comes to protecting your business, creating an incident response plan and training employees are important. But what’s arguably just as important is file hygiene and an investment in scalable file software, like Dropbox or Drive, that enables employees to secure files that have sensitive information.
In our experience, most of the fraud committed by customers tends to be accidental – for example, accidentally misspelling their name or messing up their birthdate. While this type of fraud tends not to have financial consequences as debilitating as the fraud caused by hackers or disgruntled employees, dealing with accidental fraud can take up a lot of an employee’s time and can clog up your customer data.
This “friendly fraud,” as some call it, is often one of the easiest to combat. Businesses can invest in an external vendor to help them streamline their customer ID verification process during onboarding or hire a dedicated 24/7 customer support team that helps prospective customers verify their identity to access your platform.
It’s easy to get caught up in growth and not spend as much time as you should on deterring fraudsters and keeping your financial data protected. Knowing who to focus on when creating your fraud deterrence strategies will help you successfully keep fraudsters away from your platform.
Ready to create a business plan to combat fraudsters? Here’s why deterrence is best: https://www.berbix.com/post/fraud-strategy-is-best.