Following an alert from the National Fraud Intelligence Bureau (NFIB) highlighting the insider threat from fraudsters and cyber criminals, the Charity Commission has issued fresh warnings to charities. How can your organisation avoid falling victim?
The insider threat alert from NFIB reads:
“According to research over 50% of organisations have suffered an insider threat attack in the previous year. Further to this, 90% of businesses feel vulnerable to a cyber-attack from within the organisation. Insider threat actors potentially pose a greater threat than external fraudsters due to the unrestricted access they have to proprietary data and knowledge of the organisation’s inner workings.”
The Charity Commission warning which came shortly after the NFIB alert highlighted their research into insider fraud, revealing that these crimes were enabled because of:
- poor challenge and oversight
- no internal controls or, where controls did exist, not applying them consistently
- too much trust and responsibility placed in one person
Both NFIB and the Charity Commission provided the following protection and prevention advice:
- when stored electronically, access to sensitive files should be restricted to relevant staff only. You should also consider encrypting the documents
- monitor your employees for abuse of IT systems. Minor misdemeanours have the potential to escalate to serious frauds if they go undetected
- have clear policies and procedures in place for dealing with fraud and ensure that that all of your staff are familiar with them. Make it clear that any criminal breaches of your policies will be reported to the police and other relevant authorities
You can read more about Identifying and Preventing Fraud in our Non-Profit Support Centre.