Guide to Fraud Prevention, Part 4: People

No prizes for guessing that your business’ cyber fraud prevention strategy is only as strong as the people upholding it. That’s why Part Four: People is the last, but certainly not least, pillar in our four-part Guide to Fraud Prevention, including: Hardware, Software, Procedure, People.

You’re forgiven if you’re alarmed by the recent 2023 Data Breach Investigations Report, which indicates that 74% of all breaches included the human element, with people being involved either via committing errors, abusing access privileges, using stolen credentials, or falling victim to social engineering, in other words, human manipulation. Intentional or not, a staggering 99% of privilege misuse breaches studied in the 2023 report involved an internal stakeholder, not just an external bad actor.

These systems breaches are what cyber criminals use to steal customer contacts and trap victims into massive fraud, to the tune of at least $12.5 billion in 2023 alone. To protect your business from liability in similar instances, leverage this guidance to eliminate risks among the people involved in your cyber security strategy. Even team members with the highest integrity require governance and training on the fraud prevention fundamentals to help keep your business and clients safe.

‍

Table of Contents

• ‍Training to Cultivate a Critical Eye‍
• Keep Sensitive Information In, Suspicious Information Out‍
• IT Staff That Is Trusted and Approachable‍
• Keeping an Eye Out

Training Teams to Cultivate a Critical Eye

Today’s sophisticated scammers make it necessary for your employees to maintain a certain level of vigilance in everyday interactions. Train employees on:

• The ramifications and prevalence of fraud;
• Recognizing common types and signs of fraud;
• Reporting suspicious activity–from emails featuring misspelled sender addresses to visitors lacking proper identification.

Staff should be familiar with and celebrated for escalating tell-tale digital scams like phishing, spear phishing, and spoofing, and be aware of the threat of malware, ransomware, and viruses. For example, an employee can tell that an email is likely a malicious impersonation (business email compromise) if the sender name doesn’t match the sender’s email address, or if the URL for the sender’s email address differs from the official company website domain.

For maximum impact, train employees with real-life examples from your industry. You can audit your employees’ ability to recognize scams with online tests and scenarios, including conducting unannounced phishing testing on a periodic basis through trusted, third-party firms such as Duo.

Trainings should occur as regularly as scams evolve. Keep an eye on new incidents and advisories from the Center for Internet Security, and notify employees when they hit close to home. Through professional development, you’ll grow your fraud-fighting force to include your full staff, rather than a few IT pros. 

To effectively prevent fraud, you need to know the what, how, where, and why. Discover true stories from fraud victims and best practices from industry experts in the To Catch a Fraudster webinar series.

Keeping Sensitive Information In, Suspicious Information Out

One way that fraudsters gain illicit access to customer data is by capturing an employee’s login and password when they enter it on an insecure network or fake website. Train employees to enter their login credentials only when they are prompted by official software or approved company vendor website, and that they verify the website URL against any slight variation played off as the real business web address.

Software customer support staff will never ask for login credentials via email, chat, or phone, so employees should recognize fraud if they are ever asked to divulge the information through those channels.

In addition, prevent staff from logging in on their personal devices like phones or laptops, which won’t benefit from the same security protections as business hardware, which you implemented in Part One of the Guide to Fraud Prevention: Hardware. Promote the use of enterprise-level cloud storage or issued devices, rather than USB storage drives, as these can be an entry point for viruses and malware.

Lastly, educate your team to scrutinize all email attachments or download links before clicking, especially unsolicited ones. If they’re unsure about the source or safety of an attachment, they should do some quick background research on the sender, seek information on similar scamming patterns, or just escalate to IT for verification.

IT Credibility and Approachability

It’s possible that you’ve met an unapproachable tech expert before–someone with an eye roll and impatient sigh ready for anyone they perceive to be beneath their dignity. No matter their level of technical expertise, their demeanor can make them a liability in an IT department or at a vendor IT company serving your business. Their “bedside manner” should encourage questions and confidence. Without a healthy dialogue between staff and IT, employees remain unaware and at risk, or keep suspicious activity to themselves.

Not only can this kind of collegial relationship prevent an attack, but it also enables collaboration on speedy recovery when cybercriminals strike. Conversely, if an employee falls victim to a scam and avoids divulging it out of fear that they’ll be met with scorn, it can exacerbate the damage. IT can provide remediation resources to the individual and organization, but only if they’re a trusted part of your team.

By adhering to parts one, two, and three of the Guide to Fraud Prevention, you tuned your business’ hardware and software to diagnose and disrupt probable fraud, but your most powerful resource—your people—can maximize your potential to be an engine for cyber security and resulting business growth. 

Anti-Fraud Software and Recovery Services

If you’ve mastered the Guide, but still lose sleep over the weak links in your fraud prevention strategy, there are resources available that empower you to check a bundle of cyber security boxes at once.

The most important thing you can do is sign up for our anti-fraud software and recovery services. We use the most advanced identification and device verification tools to protect your real estate transactions. Every CertifID transfer of funds is backed by up to $1M in direct insurance from Lloyd’s. In the case that you need to report fraud once you’re a customer, you’ll have access to 24/7 support hotline.

These services can neutralize the fraud risks inherent to doing business and leave your integrity, reputation, and revenue intact. Shift the burden of fraud prevention to experienced authorities. Join us for our next To Catch a Fraudster webinar and learn how to empower your team with the latest in fraud prevention strategy.

‍