Risk is something that every business must handle, with most focusing on external threats, such as computer hackers. But are the risks from the inside any different? And if not, are they being under-appreciated?
Internal threats are no different to external threats
The CIFAS Employee Fraudscape 2016 Report reveals just how prevalent internal fraud is in the UK, with the data once again showing that employment application fraud makes up the majority of internal fraud threats.
Almost 60% of employment related frauds are being committed by prospective employees or new employees who supplied false information on application to fraudulently gain employment.
This highlights the importance of knowing exactly who you are hiring. Once inside your organisation an employee has access to company data, potentially company finances, as well as customer data. Surely it is better to stop them getting through the door in the first place?
Companies invest heavily in information security to prevent an external breach – why not invest equally in preventing internal threats?
More than just employment application fraud
The 2016 report also identified the other internal threats faced by organisations, including dishonest actions to obtain a benefit either through theft or deception, unlawful obtaining or disclosure of personal information or commercial data, as well as account fraud.
All of these instances can have serious repercussions for an organisation, on their finances and reputation, as well as the impact a breach can have on staff morale.
Should these types of fraud be dealt with any differently than threats from external sources? Fundamentally, no – fraud is fraud no matter who commits it. But the internal risks can be mitigated by ensuring they never make it into your business with thorough vetting and due diligence.
The key is consistency
Tackling fraud from the outside means tackling fraud from the inside too. The risk is apparent from both sides, and businesses should be prepared to deal with both equally.