The increase in home and hybrid working can certainly be seen as a great way to reduce carbon emissions due to the lack of commute.
There are also the great savings to be made when it comes to petrol and travel passes.
However, there are downsides, particularly from a security perspective. Remote employees may unintentionally put your company’s data and networks at risk.
The PWC Global Economic Crime and Fraud Survey 2022 highlighted the risk of remote working. While there was some good news in relation to asset misappropriation falling in the last two years (possibly due to employees not being in the office as often) other risks were rising.
The survey found that in the past two years where there has been an increase in remote working there has also been an increase in the risk of blackmail or physical harm to employees with access to valuable corporate data at home.
People are working from home in a time of economic uncertainty. When someone is struggling financially it can lead to them taking chances that may not have been available in the office.
A fraudster needs the opportunity to be able to commit fraud in the first place. Being out of sight from prying eyes could be all the temptation that is needed.
Know your customer
One of the key controls around financial crime is to do with the identification and verification of clients.
Knowing who our customers are is a vital part of financial crime prevention.
When people are working from home there will be an increase in video and telephone calls with clients. It also means seeing scanned copies of documents rather than the originals.
A worst-case scenario could lead to impersonation fraud.
So how do you approach this while maintaining a positive connection with the client? How do you make sure the right controls are in place?
There's no one-size-fits all approach to stopping fraud. The best approach for one firm will not necessarily work for another, but some options to mitigate the increased risk of home working include:
- Ensuring that employees can only access company data via a secure network (so not while sitting at Starbucks on the public wifi).
- Providing devices to employees so that they are not logging on from their personal laptop or mobile phone.
- Having an IT subject matter expert who can manage software updates and security protocols.
- Restricting access to sensitive data (client data, employee data, payroll data) so that only those that need access to do their job can access it.
- Providing training to all staff outlining what your expectations are, particularly around the access to client data.
- Checking if there are controls around printing outside of the office. Does this include client data and is there an audit trail?
- Ensuring that there are appropriate controls in place with identifying clients if not done face-to-face.
- Speaking to your team regularly about security and ensuring that everyone understands how to keep their home network protected.
Our prevention process
We ask everyone to act and think as the client’s adviser, for example:
Client goals: is this request in line with the clients' goals?
Experience: does the tone of the email differ at all from previous correspondence?
Client profile: is this email actually from the client and has it been verified against what’s on file?
We advise against using a work computer for personal use, such as online shopping, emails etc. We also review our cyber risk and financial crime policies annually.
We check the 'rules' function on our email accounts to ensure there haven’t been hidden folders set up that would divert emails to somewhere a fraudster may want them to go.
We have annual financial crime training and awareness sessions to keep this front of mind.
Working from home or working in a hybrid world can absolutely be safe and secure, you just need to ask yourself what controls and oversight do you have to ensure that any increased risk is mitigated?
Let us know if you’d like to discuss this in more detail – we’d be happy to chat.
