COVID-19 has changed American culture in more ways than we could possibly address in this article, with a permanent impact reaching from education to healthcare and, especially, the workplace. One of the most radical changes many companies continue to reckon with stems from the rapid and lasting transition to remote work.
Businesses across the country adopted new work-from-home policies at an alarming speed – sometimes even overnight – to protect employees’ health. Along with the obvious infrastructural and technological challenges, the expeditious conversion to a remote workforce also triggered new fraud concerns. Inadequate time to vet technology and prepare employees combined with the new stressors of a global pandemic have introduced unique vulnerabilities that could be putting your company at risk.
Worried your business may be exposed after going remote in 2020? Here are the top 3 vulnerabilities we think businesses should be monitoring in a new remote environment.
1. Employee-related vulnerability
One of the most common struggles with a remote workforce is the lack of direct supervision. Without it, employees have new access and opportunity to commit certain types of fraud that are more difficult in an office environment. Think data theft, time theft, payroll fraud, workers compensation fraud
The pandemic has also created new motivation driven by financial hardship, in addition to the new opportunities. In the financial crime world, we call that the fraud triangle: fraudulent behavior is more likely to occur at the intersection of pressure, opportunity, and rationalization. Remote work provides the perceived opportunity, while financial hardship can add to the pressure; the rationalization can easily follow.
There are steps you can take to protect your company against employee-related fraud, primarily through the implementation of new processes and technologies. Here are just a few ideas:
- Offer company-issued devices and home office equipment to reduce data theft and ensure safe work environments
- Allow for flexible work schedules to reduce motive and opportunity for time theft
- Use time tracking software to monitor productivity
- Implement right restrictions of payroll records
2. Data security exposure
Employee-related data theft isn’t the only type of data security fraud you should be concerned about with remote employees. Don’t underestimate the security vulnerabilities that occur when you can no longer control your employees’ working environments. Many remote workers will take advantage of their newfound flexibility to work in public places like coffee shops, hotels, shared workspaces, etc. What do these environments have in common? Public Wi-Fi.
Even one employee on a compromised public Wi-Fi connection can leave your company susceptible to a data breach. One successful phishing attempt could reveal your company’s confidential and proprietary information and ruin the reputation you worked hard to earn from your customers. The risk for either of these scenarios skyrockets in a fully-remote workforce.
Ensure your company is taking the necessary steps to improve network security with the appropriate accommodations for remote workers and the risks they bring. Modernize your company’s best practices in-line with your changing work environment and educate your employees on working more safely from public spaces. Assess your current infrastructure for weaknesses and consider upgrades to your company’s security protocols. While the pandemic may have bred opportunity for fraud, it also created a hotbed for innovation, resulting in more innovative cybersecurity solutions than ever before.
3. Long-term sustainability
Many businesses transitioned to remote work as an emergency response; one year later, some companies have yet to change that mindset. If you’re still viewing remote work as a stop-gap solution to the pandemic, then you’re ignoring potentially costly vulnerabilities. It’s time to adapt to remote work as a permanent part of our culture and evaluate your fraud risk and preparedness from the lens of long-term sustainability.
Monitor your company’s books and records more closely for any signs of fraud, using a holistic approach to assess your entire company’s risk. If you find signs of fraud, investigate immediately and use the findings to inform new priorities and policies that are better aligned with a remote workforce. Additionally, take a more individualized look at your employees’ KPIs and consider other indicators you can introduce to detect and deter fraud. Learn from your company’s experiences over the past year to build a safer, more sustainable remote work environment that will protect against fraud even after the pandemic.
The bottom line
Your company’s transition to remote work may have felt sudden and temporary at the start, but chances are it’s here to stay, at least partially, – and so are the new risks for fraud. If you’re ready to stop waiting for the pandemic to end and want to create a modern strategy against fraud, Aprio is here to help.
The Litigation Support and Forensic Accounting team at Aprio can perform a fraud risk assessment to identify your vulnerabilities, refine your priorities, and create new policies to mitigate risk. We can also help conduct investigations if you’re concerned about fraud committed within the company, such as asset misappropriation. We want to help you prepare for what’s next.