Even if the COVID-19 pandemic was the primary driver of the hybrid work trend, it seems the model is here to stay. Many organisations have embraced the happy medium approach, combining remote and in-person work. Although the model offers certain benefits, it has also inadvertently made it easier for fraudulent activities to take place within organisations.

The hybrid work environment presents a unique set of challenges and vulnerabilities, giving rise to a range of sophisticated “new age” fraudulent activities and making it easier for fraudsters to conceal them.

The risk of cyberattacks has increased significantly as a staggering amount of personal and financial data is being stored digitally and employees are connecting remotely through unsecured networks.

This, along with the use of sophisticated tactics by fraudsters to capitalise on the vulnerabilities of the organisation’s IT infrastructure or the individuals involved, has led to an increase in cyberattacks, including ransomware attacks, phishing attacks, social engineering, identity theft, and impersonation.

Organisations must ensure the right investments are made in the IT infrastructure and that robust security protocols are in place to avoid situations like these. Organisations must make some basic IT investments in the form of multi-factor authentication, email filtering, and anti-phishing software tools to strengthen their cybersecurity posture. Training employees on topics such as cybersecurity can also help organisations deal with various types of cyber threats.

Moonlighting or dual employment
The hybrid work environment has given rise to a culture of “moonlighting.” Lack of oversight during the COVID-19 pandemic resulted in employees taking up additional jobs for extra income, a trend we found to be more prevalent in the IT/ITES sector. Moonlighting, generally in violation of the code of conduct for most organisations (unless specifically disclosed by an employee and approved by the organisation), not only significantly reduces efficiency and productivity but also gives rise to new risks such as data leakage and IP theft.

Ghost employees are another prevalent fraud tactic in which organisations are tricked into paying money in the name of employees who do not exist. This was and still is a problem for industries that employ a considerable number of field or contractual staff.

Implementing strong, in-depth background checks on potential employees can help organisations reduce these kinds of instances. This will help organisations identify whether a potential candidate has a history of fraud, theft, or any other unethical behaviour. Organisations can proactively detect instances of moonlighting and take corrective action by being vigilant and putting continuous monitoring measures (log-in and log-out times, efficiency metrics, etc.) in place.

Expense frauds
From duplicate bills to inflated claims, organisations have always been defrauded by employees who file false reimbursement or expense claims. However, such frauds have increased recently because of the easy availability of templates for creating fictitious documents and tools to alter the digital documents, as well as the non-availability of tools and technologies with the disbursement team to evaluate the authenticity of the supporting documents being submitted by the employees.

Organisations should invest in the latest tools and technologies that can help in digitising the supporting documents submitted by employees and performing periodic analytics on employee reimbursement data to identify duplicate claims, fictitious claims, claims exceeding pre-defined limits, etc. Advanced training for the accounts payable team to identify red flags can also help curb such instances.

This new “future of the office” trend has led to instances where controls often do not work as intended. One of the reasons fraudsters succeed during crises is that organisations are typically preoccupied with dealing with immediate business issues.

As there is no one-size-fits-all approach that governs organisations on how to handle hybrid work security, it is important for organisations to be aware of the types of new-age fraud risks and have a robust anti-fraud and continuous monitoring framework in place. Organisations should foster a culture of compliance through continuous training/awareness programmes. They should be vigilant to reduce fraud losses and the associated potential reputational damage.

(Aakash Sharma is Partner – Forensic, Financial Advisory, Deloitte India; and Lokesh Chopra is Manager – Forensic, Financial Advisory, Deloitte India.)

