Remote and hybrid working models have become the norm for many since the COVID-19 pandemic. One US study found that 62% of respondents work in the office full-time, a slight decline from 66% in 2023. Meanwhile, 27% are fully hybrid, compared to 26% in 2023, and 11% are fully remote, an increase from 7% in 2023. That the changes in these figures are quite slight suggests that working habits are stabilising and that, broadly speaking, organizations have settled into a working model that works for them.
For those that adopt the hybrid approach, there are many benefits. Not having to travel to work so often – or at all – opens up wider recruitment options for both employers and candidates. Findings and opinions vary, but some studies suggest that employees working from home are more productive than those in the office. Less stress and better work-life balance are also key benefits often cited.
This change in working habits has implications for how organizations approach fraud prevention. Remote workers are not subject to the traditional physical controls of an office environment. This affords rogue employees more opportunities to exploit consumer data. Where workers use their own devices (in firms that operate a Bring Your Own Device (BYOD) model), there is a risk that those devices are not monitored or protected in the same ways as company-owned devices.
It should be noted that no correlation has been drawn between the rise in remote working and the rise in employee fraud. Nevertheless, organizations need to educate themselves on the nature of additional risks and review and adapt their approach to fraud prevention accordingly.
Failing to do so can lead to far-reaching effects:
Financial losses: In the US, losses from employee fraud contribute to the more than $2 billion that individuals and organizations lose each year due to cyber fraud. Globally, occupational fraud losses reached $42 billion in 2023, with a median loss of $150,000.
Fraudulent activity by employees tends to result in high losses because the perpetrator aims to exploit a gap in the organization’s defences as quickly as possible before they are detected.
Regulatory breaches: Organizations that fail to detect and respond to employee fraud breaches are likely to be reprimanded by their relevant regulator(s). Repercussions can include reprimands and significant penalties including fines.
Impact on brand and reputation: Regulators sometimes publicise the sanctions applied and firms may find that they face damage to their brand and reputation as a result.
A new approach to fraud prevention
It’s clear that organizations need to reform their fraud prevention systems and processes to accommodate hybrid and remote working. To establish how to do this, it’s important to examine how employee fraud can occur.
Rogue employees can:
- Legitimately access a consumer’s profile and then associate it with another device and email that they possess. Using these credentials, they can access consumer accounts or facilitate fund transfers.
- Direct unauthorized payments or transfers to themselves by using other employees’ accounts.
- Use their own devices to access customer records, take pictures of sensitive information displayed on the screen and send the data via encrypted messaging apps or personal email accounts.
Many organizations will assume that relying on standard fraud prevention vendor solutions is sufficient protection. However, these systems work on the principle of detecting when a user goes beyond their prescribed access level by referring to the user ID and the stated policies and permissions. Where organizations have employees working remotely, this is not sufficient, and organizations need to adopt more sophisticated technologies to detect breaches.
These new solutions derive data from a number of sources, including:
- EDR data (endpoint telemetry, user accounts, SSIDs (when available), IP addresses and activity logs)
- Application server logs – records of customer profile changes made by employees, consumer portal access logs including transaction data, device data on accounts and IP addresses
- Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) data.
Graph analytics can then make connections between employees, devices, consumer accounts and actions. Links can be made between user IDs, device digital certificates, device types (BYOD vs provisioned) and IP addresses to identify unusual activity or interactions, such as customer profile changes or payment initiations by employees originating from the same or proximal IP addresses as those associated with employees.
In addition, Temporal Analysis can put together a sequence of events to identify unusual activity, such as repeated changes to consumer information across accounts, systems accessed outside of normal working hours, unusual usage patterns of network connections (Wi-Fi and SSIDs), and use of unknown devices on consumer accounts related to an employee. Crucially, it can review the sequence of events to identify where profile changes were followed by unauthorized access.
By reviewing this data, the system can generate alerts based on the analysis. These alerts can notify the organization of red flags such as unusual customer profile modifications, unauthorized attempts on consumer accounts from IP addresses not associated with the consumer account, or multiple password reset requests from consumer accounts after employee modifications. Elevated access or privilege escalation attempts by employees, high-risk employee activities outside normal business hours, and role-based access control (RBAC) or attribute-based access control (ABAC) policy violations at the user, device or IP address level can also be detected.
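The following is an added example, not part of the original article or any vendor's product, showing how the graph linking and temporal sequencing described above can be combined into one alert rule: a consumer portal access that follows an employee's profile change on the same account and arrives from a device or IP address that EDR telemetry ties to an employee. The record layouts, field names, sample values and the 24-hour window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data. EDR telemetry: devices and IPs each employee was seen on.
EDR = [
    {"employee": "emp-101", "device": "dev-A1", "ip": "203.0.113.10"},
    {"employee": "emp-101", "device": "byod-77", "ip": "198.51.100.23"},
    {"employee": "emp-202", "device": "dev-B4", "ip": "203.0.113.44"},
]
# Application server log: customer profile changes made by employees.
PROFILE_CHANGES = [
    {"ts": "2024-03-04T22:15:00", "employee": "emp-101", "account": "cust-9001", "field": "email"},
    {"ts": "2024-03-05T10:02:00", "employee": "emp-202", "account": "cust-9002", "field": "phone"},
]
# Consumer portal access log.
PORTAL_ACCESS = [
    {"ts": "2024-03-04T22:40:00", "account": "cust-9001", "device": "byod-77", "ip": "198.51.100.23", "action": "transfer"},
    {"ts": "2024-03-05T11:30:00", "account": "cust-9002", "device": "cust-phone", "ip": "192.0.2.8", "action": "login"},
]

def build_links(edr):
    """Graph edges: map each device ID and IP to the employees seen using it."""
    links = {}
    for row in edr:
        for key in (("device", row["device"]), ("ip", row["ip"])):
            links.setdefault(key, set()).add(row["employee"])
    return links

def detect(edr, changes, accesses, window=timedelta(hours=24)):
    """Alert when a portal access follows an employee's profile change on the
    same account within `window` and comes from an employee-linked device or IP."""
    links = build_links(edr)
    alerts = []
    for ch in changes:
        t_change = datetime.fromisoformat(ch["ts"])
        for acc in accesses:
            if acc["account"] != ch["account"]:
                continue
            delta = datetime.fromisoformat(acc["ts"]) - t_change
            if not timedelta(0) <= delta <= window:
                continue  # access happened before the change or too long after it
            linked = links.get(("device", acc["device"]), set()) | links.get(("ip", acc["ip"]), set())
            if linked:
                alerts.append({"account": acc["account"], "changed_by": ch["employee"],
                               "linked_employees": sorted(linked), "action": acc["action"],
                               "minutes_after_change": int(delta.total_seconds() // 60)})
    return alerts

if __name__ == "__main__":
    print(*detect(EDR, PROFILE_CHANGES, PORTAL_ACCESS), sep="\n")
```

The second account produces no alert because its later access comes from a device and IP with no employee link, which is the distinction a user-ID-only permission check cannot make.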
By identifying these red flags, organizations have the best chance of being notified of potential issues before fraud has occurred, enabling them to investigate further. The technology can build a picture of what’s occurred, ensuring that the organization has all the required information to take action if necessary.
The world of hybrid working means that organizations need to rethink how they approach fraud detection. ‘Traditional’ solutions are no longer sophisticated enough and, considering the potentially significant consequences of fraud, organizations will want peace of mind that they are well protected. End-to-end solutions which review the existing defences and policies, identify weaknesses and deploy technology to address them will mean that stringent measures are in place and that remote working remains a safe and viable option.