Welcome to Cybility Savvy the show that demystifies cyber security for not-for-profit boards and leaders.
Hello I'm your host Michala Liavaag founder of Cybility consulting.
It's October which means cyber security awareness month. In this episode we're going to talk about how can charities fight against fraud. As I mentioned in the first episode of Cybility savvy a lot of people tend to think you know no one would want to target us you know we're a charity we're working for public good, and you might think the same applies with fraud. However, in reality charities non-governmental organizations, the NHS, and other not-for-profits are hugely susceptible to fraud and are very easily targeted unfortunately. Certainly, in the charity sector we rely very much on volunteers to do the work and that whole thing around people coming in deliberately to defraud charity is very difficult to guard against in terms of screening.
Now those organizations who have been providing services and supporting local communities, particularly across the pandemic have been you know affected even more so and are very susceptible to this unfortunately. As well as cybercrime going up through the pandemic when Covid-19 hit it's also been a wonderful opportunity for scammers in general.
In addition to the phishing that we spoke about last episode, and how attackers then used Covid-19 as one of their lures to get people sucked into clicking and those links and attachments, it's also been great for scammers in general not just cyber criminals. They've been the fraudulent insurance adverts, pre-paid funerals. You've had people claiming that individuals have broken lockdown rules. And as before the pandemic the business email compromise has continued in terms of people impersonating businesses, suppliers, and asking you know their bank details to be changed.
There are lots of different types of frauds that you need to be concerned about when you're in an organization and first port of call I direct you to is the fraud advisory panel they run the charities against fraud campaign each year and have a wealth of resources including a 10-minute little e-learning video that you can watch and share with your staff, so I'd encourage you to do that as your action this week.
Now one of the other resources that they've provided along with the charity commission is an infographic about the 10 questions that trustees should ask. Now if you have a look you'll actually notice that you could easily substitute cyber security for most of these things. Like any risk there are similar things you can do, policies, training, awareness, monitoring. So, fraud and cyber security programs are actually very closely aligned and can contribute hugely in this area. If you're a trustee I would encourage you to go and have a look through this
Now I'd just like to wrap up this week with a couple of examples of you know how I've seen this affect charities. You see people creating Facebook and other social media groups purporting to be collecting on behalf of a charity, using logos in a way that they shouldn't to try and provide that legitimacy. You get people who will genuinely sign up as collectors so that they can get all the gear, but then they don't actually pay up, and in practice you know who's got the money to chase after some of these people when it costs you an awful lot to do so for perhaps not much reward. So, a huge shout out to all the counter fraud investigators out there who are working a very challenging role.
One of the areas as well to think about as a leader especially with digital transformation and the increase in those interconnectedness of systems, so that you know you don't enter data twice, it flows from one system to another seamlessly. Each of those transfers is an opportunity to intercept, change, or completely disrupt those flows for an attacker. Or somebody inside the organization who might be looking to commit fraud. When you are involved in those digital transformation programs or new projects and looking at those processes, make sure that your project managers or the line managers who are responsible for those are actually considering these sorts of risks in those process reviews. And actually that's all about security by design and default, which will lead us nicely into next week when we'll be talking about cyber security first and what that means.
I know we don't like to talk about fraud but hopefully that's given you a little bit of an insight and you can go and ask those questions in your organizations. Cybercrime and fraud are very interlinked and typically we work together, so if you're not already doing that that's something that I'd encourage you as leaders to get the ball rolling on as well.
Once again I ask you as leaders to continue doing your part and be cyber smart.