For years finance pros have heard the best way to uncover fraud and other funny business is through a hotline. That’s still true, but here’s the thing: It’s not enough.
That’s the finding of the 2017 Hotline & Incident Management Benchmark Report by ethics and compliance experts Navex.
Relying on a hotline alone will get you 58% fewer reports than when you use a hotline in combination with other options.
More options = more tips
Whether you let employees call in or log in anonymously to speak up about ethical concerns, make sure your company is also keeping an eye out for tips these ways:
- manager submissions letters
- direct (non-anonymous) emails, and even good old-fashioned
- walk-ins/open door.
Of course, it’s not enough just to be open to these other avenues for employee tips.
Your company needs a systematic approach for collecting and following up on these reports.
To download the full report, go to navexglobal.com
Where firms are vulnerable
When it comes to fraud and which firms are vulnerable to it, the biggest risk may not be hackers. It could be what’s going on right under your nose.
According to a separate survey by Kroll, three-quarters of companies have experienced a fraud incident in the past year. And 81% of those companies said that insiders were primarily to blame.
The survey found insiders hit hard from all ranks. When it came to internal threats:
- 36% experienced fraud by senior or middle management
- 45% came from junior employees, and
- 23% of incidents resulted from contractors or other third-parties.
Risk exposure is going up
According to survey participants, the risk of fraud and information theft is skyrocketing. A full 80% of those surveyed said they’d become more vulnerable in the last year. And more than half (51%) ranked their vulnerability as moderate or high.
Some factors they believed left them exposed:
- high turnover (33%)
- increased outsourcing (16%), and
- complexity of products or services (11%).
Combating insider threats
The best way to combat insider threats is to make sure you’re covering all your bases whether you believe your employees are trustworthy or not.
Some rules to live by:
- Limit and restrict admin accounts. Make sure admin passwords are never shared, and update them whenever someone leaves the company or there’s a security incident.
- Hire smart. Make sure applicants are screened for any past security mishaps and that you’re running background checks if necessary.
- Keep an eye out. Regularly scan networks for unusual access patterns, such as logging onto the network from remote locations or at odd times of day.