Steps to help businesses mitigate risks of fraud and money laundering in a pandemic
The Coronavirus pandemic has undoubtedly revealed how vulnerable we all are. For business owners, the current climate has also thrown up a whole new set of challenges. Remote working, while vital for the survival of many businesses throughout the pandemic, has brought with it both risks and costs. Karen McLellan, Managing Director of Haines Watts Hereford discusses how business owners can avoid the pitfalls of fraud and money laundering.
Several important issues have emerged as a result of the coronavirus ‘work from home’ directive. Some of the key questions business owners have asked me have been around the security of home networks, given the highly sensitive customer data employees are working with. They know only too well that any data breach poses a real risk of financial loss through fines, reputational loss, sales and customers
During our conversations, we have discussed the risks and frauds that are rising in prevalence as a result of Covid-19. These have included everything from scam emails purporting to be from HMRC claiming refunds are due to false supplier invoices. There have also been scam emails alleging to be from management requesting payments to be made.
One thing is certain, there has been a general increase in cybercrime with the work from home requirements.
So how can an owner spot the signs in their own business or among clients?
Any business owner needs to be on the look-out for unusual or unexpected transactions in terms of frequency, type of goods or service or quantum. If you receive unexpected notifications of refunds from HMRC, customers and, suppliers, verify these with the relevant party before you supply any details or accept changes.
What preventative steps can a business owner take to safeguard themselves and their team?
Business owners need to be mindful of the fact that criminals and gangs are using the ‘dark web’ to target employees who are less secure while working from home. This could result in phishing attacks and emails being compromised.
As we know, there have been widespread sophisticated fake emails regarding Covid-19 assistance. Typically, this means that employees have more chance of clicking on links in emails that are infected with malicious software by accident and falling victim to an attack.
We have also seen complex money laundering and terrorism financing operations, including fraudulent websites which offered World Health Organisation (WHO) Covid-19 vaccine kits.
Train your team to be alert to cyber security and check invoices received against order notes, or confirm with the person who allegedly placed the order if purchase order notes are not used. It’s also important to only make charitable donations to charities that you know. You need to educate and communicate the risks posed to your team and make sure any necessary training is carried out. This includes ensuring that they never click on a link or text in an email that looks suspicious and report it if it doesn’t look right.
A company’s customer data is highly sensitive, but there are challenges in ensuring your staff’s home-working set-up is as secure as your office is. You need to ensure that any IT and security practices you put in place as a business enables employees to access secure platforms. Investment in IT infrastructure is more vital than ever to enable and remind employees what your remote-working protocols are.
One thing that is apparent is that due to the speed of change and relaxation of rules forced upon us by the pandemic, our attitude to risk as business owners has certainly been sharpened.