Security, which involves preventing and fighting fraud—especially for sensitive documents—is becoming more and more critical in today’s world of ongoing digital transformation. But the warning lights are flashing red at many companies: the Association of Certified Fraud Examiners reports that U.S. businesses will lose an average of five percent of their gross revenues to fraud. The same 2018 report reveals that private companies and small businesses rank highest in occupational fraud frequency at 42 percent, with a median loss of $164,000, compared to large corporations, government and non-profits.¹
Why then do most organizations not have a crisis plan they can implement in the event that fraud occurs or there is a security breach? The risks of not having one are considerable:
- Financial impact—both short-term and long-term
- Data theft
- Negative impact on the company’s reputation
On the other hand, companies with a proactive approach gain many benefits, including greater loyalty from their clients, reduced operating costs, a better brand image for their company, and promotion of their brand value as an employer.
One troubling example comes from recent technology news. Lithuanian Evaldas Rimasauskas and his co-conspirators created fairly convincing forged emails using fake email accounts from a company called Quanta in Taiwan—a company Facebook and Google regularly conducted business with—and sent them to employees at Facebook and Google, who responded by paying out more than $100 million to the fake company's bank accounts, prosecutors said.²
Shocking, right? If you are a finance leader who learned of this scam, you probably cringed. “How could that have been so easy?” you are likely asking yourself and your AP team. And, “How exposed are we to such a scam?”
As the person responsible for the company’s financial health, the CFO is explicitly involved with any losses caused by fraud and is naturally on the front line leading the fight. To be effective in leading that fight, CFOs will need to adapt their defenses to face new and more aggressive forms of fraud, and fraudsters who are better organized and more technologically proficient than ever. This leads us to three things that CFOs should be asking themselves, the types of fraud they need to identify, and the seven key things they can do to help mitigate, even prevent, events such as the Rimasauskas case.
We’ll explore each in the next three episodes.
¹ ACFE, 2018 Report to the Nations: Global Study on Fraud and Abuse.
² Huddleston, T., Jr., “How this scammer used phishing emails to steal over $100 million from Google and Facebook.” CNBC.com. Accessed April 3, 2019. www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html