Scammers use DocuSign API to send fraudulent invoices
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
For many leaders, the idea of a trusted employee defrauding their business is unthinkable. How could someone you work with every day – maybe even someone you chose to hire – end up abusing their access to organisational systems, information or money?
Unfortunately, insider threats can and do exist. In fact, research suggests that insider incidents have been increasing each year, which you can see in our comprehensive guide to insider threats.
We’ve also previously looked at the different types of insider threats and incidence rates. But which specific actions can you take to protect your business, especially if you don’t want to micro-manage or second-guess your people?
Let’s explore ways to reduce risks without sacrificing a positive and trusting culture.
Regardless of whether a threat is intentional or unintentional, segregating duties remains one of the most reliable ways to reduce fraud risks and data insecurity. Unfortunately, according to Eftsure survey data, 40% of organisations do not have a segregation of duties policy, potentially heightening their chances of an insider incident.
But what is segregation of duties? Basically, it’s an approach in which accountability is diffused across multiple team members, ensuring that no single employee has central authority over sensitive processes like authorising transactions. This might mean assigning responsibilities like approvals, invoice processing or bank reconciliation to separate employees.
According to auditors – specifically, the Auditing and Assurance Standards Board – inadequate segregation of duties can make your business more vulnerable to misappropriation of assets.
By dividing responsibilities and tasks among multiple individuals, leaders make it a lot harder for a single person to commit (or conceal) fraudulent activities. A system of checks and balances safeguards your organisation and can help flag potential issues before they result in severe damage or financial losses.
Especially if you need to detect or prove a potential insider threat, it’s important to have records of employee actions and access. Look for solutions that flag suspicious behaviours and can help you retrace users’ digital actions.
Of course, you’ll want to strike a balance between critically necessary audit trails and over-surveillance. Fortunately, the right technology solution can help you neatly partition user responsibilities and record employee actions within sensitive processes – without making employees feel constantly watched.
Technology can play a crucial role in enforcing segregation of duties within organisations, particularly in mitigating risks associated with payment fraud and error. Leveraging technology not only automates and simplifies the enforcement of segregation of duties but adds a layer of security and auditability that manual processes typically can’t achieve.
These include:
Eftsure’s solution can help with all of the above. Request a demo to see how Eftsure mitigates your insider threat risks.
Working with HR, or people and culture, teams can help you mitigate risks associated with disgruntled employees, negligence or improper training. We know from research that many insider incidents stem from unhappy employees – those who feel they’ve been mistreated or passed over for promotions, for instance.
Minimising these risks means working with people and culture specialists to refine your onboarding and offboarding policies, documentation and policies around career progression, and quantitative measurement like NPS scores or qualitative evidence like Glass Door reviews.
With the right processes, culture and technology solutions, you can build a zero-trust environment that eliminates the need to constantly micro-manage or second-guess your people. But no system is 100% infallible – it’s still important to keep an eye out for red flags.
Warning signs include:
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Because LinkedIn is used as a professional networking platform, account holders don’t use the same caution as they would on Facebook or …
US construction and government sectors lost $7.7 million in BEC scams. Learn how fraudsters exploited financial controls and how finance leaders can protect their organisations.
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.