At an internal level, fraudulent practices in the workplace may look like employees falsifying data and invoices to embezzle money, outright theft of company funds, or employees taking bribes from third parties. We recently spoke with some of Canada’s top fraud investigators at Haywood Hunt Private Investigators to get their take on how businesses can best address fraud in the workplace.
With the rise of AI and programs like ChatGPT, fraud can occur through employees knowingly submitting AI-written work without informing their manager. One strategy to deal with AI-based fraud includes hiring a computer programmer experienced with AI and machine learning, and having the programmer double-check other employees’ work by running it through an algorithm to check if the work was AI-written.
Alternatively, businesses can prohibit employees from accessing websites like ChatGPT and other AI-learning programs during work, using existing mechanisms that allow a company’s IT department to prohibit certain websites from being accessed. Avoiding this kind of fraud is crucial; otherwise, consumers are deceived into unknowingly paying for an AI-made product.
How to address fraud
Addressing embezzlement, theft, or bribery at an internal level requires businesses to introduce internal watchdog measures to ensure that employees are maintaining records of the movement of company funds. This type of fraud is especially dangerous as it presents legal issues that can undermine a company’s capacity to continue operations, particularly if law enforcement agencies or private investigators are needed to investigate the fraud. A method of dealing with these fraudulent behaviours involves a combination of preventative measures and increased oversight to catch any fraud after the fact.
Preventative measures include having a clear company policy regarding acceptable and unacceptable conduct involving receiving gifts or money from clients, and ensuring that employees with access to company funds (through credit cards, etc.) have their purchases monitored by the financial department of the company; if an employee loses their company credit card, company policy ought to require that the employee fill out a report.
Other preventative measures include screening potential employees with background checks to avoid employees with criminal records, and ensuring that employees are well-compensated for their work to disincentivize them from engaging in fraudulent behaviour. In the event that an employee commits some type of fraud and the company is unaware, the company still needs its financial department to perform an annual audit of expenditures to ensure that every dollar is accounted for. Once a business becomes aware of fraudulent conduct, it has an onus to report this fraud to law enforcement and to immediately investigate what happened.
Externally, fraud by parties outside of the company often occurs through lax cyber-security measures. Online fraud looks like fraudsters tricking employees into giving up vital information, passwords, or money; the fraudster usually achieves this through scam emails or attempts to hack a company’s cyber-security system.
Addressing these external fraudsters in the workplace requires establishing a clear company policy regarding cyber-security and providing regular reminders or training to employees. This involves the company sending emails to employees and holding at least one meeting a year reminding employees to avoid clicking on suspicious emails, be cautious of emails from parties external to the company, avoid using the same passwords across their various online accounts, create strong passwords, and regularly back up files in case the server crashes.
Other strategies to deal with online fraud involve stress-testing the cyber-security systems of the company; this means bringing in a consultant to test the strength of the company’s security systems, to test if the employees know about the company’s cyber-security policy, and to give advice on further improving the company’s anti-fraud security. Employees need training, whether the training is internally provided through a company’s tech department or externally provided by an expert, in order to develop the vigilance necessary to avoid being defrauded online.
A low-cost method would be to mandate that employees use two-factor authentication to log in to their accounts; in other words, once an employee types in their password, they also need to verify the login attempt on a phone app like Microsoft Authenticator. Even if a fraudster steals the employee’s password, there’s still a second barrier protecting the company’s information.
If a company’s budget allows for it, the company can license anti-virus software such as McAfee, Avast, or Microsoft Defender. Anti-virus software provides a medium level of security that can identify common spam email, potential viruses on a website, or content that should not be downloaded. Without these protections, fraudsters can steal company information and cost businesses millions of dollars in lost profit due to a data breach.
In conclusion, there seem to be two main types of fraud in the workplace: internal fraud, which is committed by people within a business, and external fraud, which is committed by third parties not involved with a business. Addressing these types of fraud involves strategies that require a great deal of employee training to ensure that employees can identify and avoid fraud; other common strategies involve creating a watchdog to monitor the company for fraudulent conduct. Companies that do not implement these strategies put their bottom line at risk.