Cyber crime

Red Flags to Detect Insider Threats and Employee Fraud

photo of niek dekker
Niek Dekker
7 Min

Detecting insider threats and employee fraud within your Accounts Payable (AP) department is easier said than done.

Employees occupy privileged positions of trust. They have access to internal systems, as well as deep knowledge of your internal processes. They know where the vulnerabilities lie in your organisation’s internal controls.

Whether motivated by financial gain, desperation or grievance, employees are uniquely placed to defraud their employers and know how to cover their tracks particularly effectively.

All too often we see reports in the news of trusted employees undermining and defrauding their employers, often for many years, without getting caught. By the time they are found out, it’s often too late. The employer has suffered huge losses – and almost never successfully recovers their funds.

Often external auditors struggle to detect hidden insider threats. Staff often:

  • Manipulate supplier banking information in the text-based ABA files that are used to upload payments to online banking portals,
  • Collude with suppliers to issue fake invoices,
  • Submit illegitimate reimbursements for expenses,
  • Give fake refund payments to customers,
  • Divert incoming funds from commercial partners or the ATO to their bank accounts,

There are endless ways for malicious insiders to secretly profit at your expense. With so many creative ways for employees to defraud your organisation, you must be able to identify the red flags that show you how to detect insider threats and point to malicious activity.

Insider Threat Red Flags

1. Requesting Unnecessary Access to Systems and Sensitive Information

In every organisation, access to systems and sensitive data should be on a need-to-know basis. In other words, access should be restricted and limited only to those who need access to perform particular duties.

Whenever an individual staff member requests access controls to a system or file, or requests greater privileges within a system they already have restricted access to, this should be questioned.

You should carefully assess whether granting or extending access will undermine segregation of duties policies. For example, an employee may have read-only access to supplier banking data and may be requesting write access. Such requests should always be carefully considered before agreeing to the request.

If an employee is requesting too much access to sensitive information that is not required to perform their job, it may be an indication of malicious intent and their activities should be carefully monitored.

2. Disorganised or Incomplete Record Keeping

Employees who maintain disorganised or incomplete records may be doing so in a deliberate attempt to obfuscate malicious activities.

Without organised records and activity monitoring, accurate audit trails become almost impossible.

Every organisation should invest in ensuring they have the right policies and oversight of records to ensure that proper standards are maintained. Regular internal audits will be able to identify problematic record-keeping practices at an early stage, so they can be rectified promptly.

In short, you need to keep on top of employee record keeping. Thankfully, there are many applications out there that can help you achieve and maintain best-practice record keeping within all functions of your organisation.

3. Not Taking Annual Leave

For any staff member engaging in fraudulent activities, the very last thing they want is to be discovered. The challenge for these staff members is that whenever they take annual leave, their duties are likely to be handled by a colleague who may uncover what they have been up to.

To avoid this security risk, many employees who are engaged in fraudulent activities avoid taking any annual leave. If they do take leave, it is usually for very short periods, reducing the risk that their activities will be revealed.

One way to overcome this is by mandating that employees take their annual leave and ensuring that another employee is tasked with performing the function during their absence. The risk of getting caught may be enough to dissuade employees from carrying out malicious activities.

4. Conflicts of Interest with Suppliers

Having good relations with suppliers is good business practice. However, a problem may exist if one of your employees has an overly cosy relationship with one of your suppliers.

When a staff member strongly advocates for one particular third party, helping ensure they become a supplier, it may be an indication of a conflict of interest. The third party may be owned by a friend or relative of your employee. The third-party may indeed be the best supplier for your organisation, however, the relationship is something you need to be aware of, so appropriate controls can be in place to avoid any problems.

In other cases, employees have been known to become too friendly with supplier staff members over time. This can pave the way for your employee to conspire with the supplier’s employee to issue fake, duplicate or inflated invoices.

A clear conflict of interest policy needs to be in place that mandates that any personal connections to suppliers are made known to management. Furthermore, rotating staff members that work with your suppliers is one way to ensure that relationships with those suppliers don’t become overly cosy and always remain professional.

5. Living a Lavish Lifestyle or Experiencing Financial Stress

High-end branded clothing, new luxury cars and extensive overseas travel. If it all seems too good to be true based on an employee’s salary, this should be regarded as a red flag. You could be witnessing the actions of a malicious insider. Evidence of a lavish lifestyle could be an insider threat that you should take very seriously.

When an individual staff member is seen to be living above their means, it may indicate that they are engaging in fraudulent activities. Of course, you should never jump to conclusions. The staff member may come from a family with means or have other legitimate investments. However, lavish spending should cause you to pay closer attention to their activities to make sure nothing untoward is occurring.

By contrast, if you see employees experiencing severe financial stress, you should be aware that they may resort to theft out of desperation.

In all cases, you need to pay attention to what is happening in an employee’s private life. These are delicate issues, and no organisation should be prying into private matters unrelated to work. However, maintaining a broad overview of employees’ lifestyles can point to potentially fraudulent activities.

6. Gambling Addiction

One of the most common causes of employee fraud is gambling addiction.

All too often, staff members become hooked on the pokies, with their addiction funded by fraudulent activities. In many cases, an employee will delude themselves into believing that once they win a jackpot, they will repay all the money they “borrowed” from their employer.

Of course, that rarely happens. The funds taken to fuel their pokies addiction were never “borrowed.” In reality, the funds were stolen.

It’s important to have visibility over any staff gambling habits. One way to assist staff who may have a gambling addiction is through offering free confidential counselling services to staff and encouraging any employees experiencing any personal problems to utilise these services.

Another option is to have a confidential mechanism for staff to report any concerns they have about colleagues who may be addicted to gambling. Such concerns should be handled very delicately by human resources.

7. Being Passed Over for Advancement / Promotion

One common cause of internal fraud is a grievance against an employer.

Potential insider threats who feel they are underpaid, or who believe they were passed over for advancement and promotion, may justify carrying out fraud against their employer as getting what they deserve.

A human resources department that has open communication with your staff should be able to identify employees who hold feelings of disgruntlement towards the organisation. Furthermore, when employees feel the organisation is committed to their long-term advancement, they are much less likely to feel disgruntled and carry out fraud.

8. Accessing Network Resources During Out-Of-Office Hours

Malicious insiders may attempt to access applications, network resources or intellectual property during out-of-office hours, whether late at night, on weekends, or when on leave.

One red flag is if you find an employee using their work device to log in during out-of-office hours. This can indicate that a malicious insider is attempting to access sensitive data, such as the Vendor Master File. The Swiss Cyber Institute noted that approximately 7 out of 10 organisations did not conduct end-to-end monitoring of data access and movement.

Monitoring and identifying any indications of insider threats will allow you to minimise the risk of internal fraud. The more control you have over your data, and monitoring who has access to it, the greater your level of protection.

The Bottom Line

To counter internal fraud, every organisation needs to establish some form of threat detection and prevention.

Consider implementing a risk management policy, data management controls, staff training and software that can mitigate the threats. It’s essential to adopt a range of measures that minimise the risk of internal fraud. A combination of tools that can help predict malicious employee behaviour, and offer digital warnings in real-time, will be highly effective in protecting your business from internal threats and fraud.

Implementing insider threat risk management is affordable for even small to medium-sized businesses and represents a major step forward in ensuring long-term IT security in an environment where every employee is a potential security risk.

How can Eftsure help?

There are many reasons why insider threats occur. There are also several ways such fraudulent activities can be carried out.

Whilst there are numerous malicious insider threat red flags you should be on the lookout for, none of these is fool proof. Malicious insiders may still be able to defraud your organisation or carry out a data breach using clever tactics that are almost impossible to detect.

With Eftsure integrated into your accounting processes, all outgoing payments will be cross matched against our unique database comprising over 3 million Australian organisations.

This verification step makes it much harder for malicious insiders to carry out fraud. Any attempt to redirect payments to personal bank accounts will be detected with our monitoring tools, allowing you to investigate the transactions more carefully before processing them.

Contact Eftsure today for a no-obligation demonstration of the many ways we can help your organisation prevent internal threats, such as employee fraud.

Securing every stage of your Procure-to-Pay cycle is the best way to protect your organisation from internal or external fraud. Download our FREE Procure-to-Pay guide now and ensure you achieve best-practice internal controls.

Related articles

The new security standard for business payments

End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.