This text is part of the special section Artificial Intelligence and Cybersecurity
Presidential fraud, phishing, ransomware, data theft: fraud by an internal or external person is on the rise in Canadian SMBs. According to a survey by KPMG Canada, as many as 75% of them were victims last year. However, investments in cybersecurity and attack protection training are not always present.
“Attempted fraud has increased significantly in recent years – we can tell just by looking at our text messages – so there is a greater risk that someone will take the bait,” says Myriam Duguay, an associate in KPMG’s forensic accounting group in Canada.
The Canadian Anti-Fraud Center also received more than 90,000 fraud reports in 2022, with losses of $530 million, compared to 379 million in 2021 and 165 million in 2020. However, the same KPMG survey shows that 87% of SMEs report having implemented a fraud prevention, detection and response program.
“However, they can have loopholes and fraudsters are becoming increasingly sophisticated,” notes Myriam Duguay. The smaller the company, the fewer financial and human resources it has available to prevent fraud. Large, robust and established anti-fraud programs usually exist in large companies. »
The risk of shortening training
Novipro, a technology solutions provider, surveyed Canadian companies of various sizes in March and found that their technology investments have declined due to concerns such as inflation and recession. While 92% of companies had planned in 2019, the proportion is now 76%. This has implications for cybersecurity, as 59% of employees currently have training in this area, compared to around 74% in 2019.
“However, employee training is the easiest and cheapest to implement, but it always needs to be renewed,” says Martin Pelletier, co-owner and head of strategy at Novipro.
Myriam Duguay agrees. “The greater the awareness, the lower the risk of becoming victims,” she said. There are still many people who click on links or pay for an account with a fake provider. »
She advises employees to stop communication and contact the person another way if in doubt. “For example, if a supplier’s accountant sends an email with an unusual request, we call them directly at the phone number we have on file for verification,” she explains. This costs nothing and bypasses the fraudster. However, in order to develop this reflex, employees must be made aware of it on a regular basis. »
She adds the importance of having a crisis management plan in place to respond quickly in the event of fraud, as we do with other disasters, such as a headquarters fire or flood. “You have to know who the right people are to take control of the situation, how to deal with confidential, reputational, legal issues, etc..” Having a plan will make all the difference. »
Technologies you need to know to protect yourself
There are also numerous technologies to consider when preventing fraud. “There are very simple elements, such as tools that prevent employees who have a company laptop at home from installing personal things on it, such as Netflix or games for their children,” says Martin Pelletier. This eliminates risks. And of course you should always update the software because it closes security gaps. »
There are also other, more advanced prevention technologies, such as those that send an alert when exceptions occur. “For example, when an employee sends an email from their work address to their Gmail or Hotmail address,” says Myriam Duguay. Or if he normally makes a transaction of more than $100,000, they are more modest. Or if a transaction is carried out at an unusual time. This does not mean that the employee is committing fraud, but it does need to be checked. Because the sooner we catch a fraudster, the less we can reduce the impact. »
However, before investing in a technological solution, it is important to carefully consider the risks and controls in place. “You need to make sure you know what the biggest and most likely risks are in your organization and what controls you have in place to minimize them,” explains Myriam Duguay. A third of all fraud cases in organizations are due to a lack of control. And often management was not even aware of this risk and said: “If I had known!” »
This content was created by the Special Publications team at Duty, related to marketing. The writing of the Duty did not participate.
To watch in the video
Extreme problem solver. Professional web practitioner. Devoted pop culture enthusiast. Evil tv fan.