The majority of many organizations’ workforce are working from home during the global pandemic. Organizations had to adapt quickly to the remote workforce mentality with little warning and the results show it; very little fraud or security related planning was put in place around work at home controls. Many organizations did a great job giving their employees the ability to work from home so the organization could survive and thrive, but what this means for your organization is that the risk of fraud or security incident is probably higher than it should be.
Employees often feel a lack of oversight from management, and their perceived opportunity to take advantage of the new found freedom often results in a fraud or security incident, due to the lack of planning, policies, and procedure creation surrounding work from home. Organizations need to take a step back and realize this “new normal” is going to be with us for a long time.
Ways organizations can improve controls around their remote workforce
- Develop policies and procedures surrounding work at home by answering basic questions that we take for granted when working onsite at the organization.
- When can I work? What are normal working hours? Can I substitute weekend days for weekdays?
- Are there core hours I need to be available for internal staff and clients?
- What devices can I work from?
- Security surrounding working from home. Possible data breach due to family and friends viewing data on screen or in printed form.
- Dress code changes
- When in the office
- Zoom or Team calls
- Rethink how the organization approves timesheets.
- Does it work in the “new normal?”
- Does the employee have the opportunity to abuse that policy?
- Is software available that the organization can use to track employee activity on their work device?
- How much Big Brother is too much? There is a fine line that, once crossed, will make for a harsh work environment.
- Rethink security awareness training in the “new normal” environment.
- What additional threats and vulnerabilities has your organization introduced into day-to-day operations by the “new normal?”
- Rethink mental health.
- Are you running your organization in a way that keeps your employees happy and not depressed?
- There are only so many ways an organization can do this, but are you doing it? Every employee is dealing with this pandemic differently.
Potential fraud in the “new normal”
- Fictitious time sheet hours.
- This could be caused by lack of oversight by management, and higher than normal perceived opportunity by the employee. An employee commits outright fraud by submitting falsified timesheet hours.
- This could be caused by dual roles at home. An employee may perceive that this “new normal” allows for dual roles in the same time frame. This could end up being a slippery slope.
- Parent and work.
- Gardener and work.
- Maintenance and work.
- Using company owned devices for the employee’s personal gain.
- Is there a policy?
- Is it ok to use the company provided laptop, scanner or printer for a child’s homework or a partner’s job?
- How does the organization detect unauthorized use?
- Data theft – Are your devices secure? Are you monitoring data leakage?
- Intentional data theft by employees.
- Intentional data theft by partners, roommates or family members.
- Unintentional data theft via employee use of unsecured networks.
With great power comes great responsibility. We have given our employees the tools to do their job. We, as an organization, need to protect the organization and employees from a fraud or security incident by rethinking the controls in place surrounding the “new normal,” so that we can mitigate the risks created by this “new normal.”
If you have any questions regarding this article or if your organization would like to discuss any fraud related topics further, please email David Hammarberg, Principal with McKonly & Asbury at email@example.com.