Taking a Closer Look at Remote Workplace Fraud Vulnerabilities: How to Mitigate Escalating Threats

With many companies already working from home due to COVID-19, new data suggests that about 74 percent of Chief Financial Officers (CFOs) expect at least some of their employees to continue to work from home permanently after the pandemic ends. As a future of remote work comes into focus, IT and security professionals are becoming increasingly aware that employees could unknowingly leave a door open to fraud, cybercrime and more.

It’s time to take a closer look at the vulnerabilities our new remote workplace exposes and understand the strategies and tools organizations can leverage to better protect their employees, their data and their businesses.

Remote Workplaces Create new Threats for Cyberattacks

It’s typical for cybercriminals to increase their efforts during times of uncertainty. For many, spending more time online—searching for news, entertainment and connection—or working remotely while under stay-at-home orders has led to increased opportunities for cyber attacks.

Just how does working from home—or from anywhere other than the employer’s office—make people more vulnerable to cybercrime?

Remote workers often access corporate accounts on unprotected public Wi-Fi, conduct business on personal computers rather than an employer issued PC, and transfer files between work and personal devices. Without an IT professional a few desks over, remote workers also aren’t as likely to regularly update software with security patches designed to stay one step ahead of cybercriminals.

Hackers prey on emotional vulnerabilities, too. During a global health crisis, people may be more likely to click on an unknowingly malicious link in an email to gain access to a news update or to purchase PPE that is hard to come by. By clicking, they unknowingly give criminals access to their personal data and their employer’s, exposing valuable corporate information like usernames and passwords, credit card account numbers and customer identities. Spear-phishing email attacks like these have increased 667 percent during COVID-19.

The breaches they cause can have dire financial consequences for individuals and organizations, with the potential to erode customers’ trust and loyalty at a time when it’s more important than ever.

How to Keep the Remote Workforce and Your Business Secure

Companies can better protect themselves and ensure their customers’ privacy by following security best practices and maintaining effective corporate controls and procedures.

Some of the best practices to keep remote employees and their data safe start with educating and training your workforce on what to look for and how to prevent being tricked into phishing campaigns or malware attempts. Businesses should also issue employer-owned devices for all workers and define security protocols, such as use of VPNs, secure internal networks and firewalls.

Employers must also continually remind their employees to keep software and systems updated, use strong passwords that aren’t easy to crack and regularly monitor accounts for suspicious activity. Leaders should heavily lean on the policies and procedures in place that ensure business continuity and security during an emergency.

Start Relying on AI and Automation

Leveraging powerful technologies, like artificial intelligence (AI) and automation, can also have a tremendous impact on our ability to keep security risks in check no matter our location.

AI is used in cybersecurity for fraud detection, malware detection, intrusion detection, scoring risk in a network, and user/machine behavioral analysis. Nearly two-thirds of organizations think that AI will help identify critical cybersecurity threats and 69 percent of organizations believe AI will be necessary to respond to cyberattacks.

AI can also be used as a way to automate critical processes to help reduce human error. Take, for instance, accounts payable (AP) automation. AP automation eliminates paper checks, tagged as fraudsters' top target with 74 percent of businesses reporting that their check payments have been compromised, and replaces manual bill pay processes. All vendor, payment, and invoice information is paperless and stored via a cloud-based SaaS.

What’s Next?

While it’s impossible to know what lies ahead, cybercriminals historically evolve their methods and targets to outsmart prevention strategies. With so much uncertainty, proactive approaches remain an organization’s best defense.

In order for organizations to succeed against cybercrimes, they must make security a top priority by elevating its responsibility to senior management, incorporating it into departments beyond just IT and aligning security with key business strategies. Organizations should also embrace digital transformation and rely more on emerging technology, including AI and automation, blockchain, cloud and machine learning, to improve visibility and detect fraud.

The bottom line is cybercrime remains a serious worry for us all, whether we continue to work from home or return to our offices. Practicing good security hygiene and relying on technology can help protect ourselves and our employers.

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Christina Quaine is the Chief Information Security Officer who has spent the last 19+ years focused on IT Audit, Vendor Management, IT and Payment Card Industry (PCI) compliance. Most recently she served as the Chief Privacy Officer for Ally Bank where she was responsible for regulatory compliance, governance, incident management and Data Loss Prevention (DLP). She received her BS from Wayne State University and her MS from Walsh College in Business Information Technology and holds the following certifications: CGEIT, CIPP/US, CISA, ITIL and PMP.