Charity Commission renews insider fraud warnings
Watchdog warning follows National Fraud Intelligence Bureau report that at least 50% of UK organisations have been victims of insider fraud in last year.
The Charity Commission has issued a new alert to charity trustees, employees and volunteers that highlights the heightened risk of insider fraud posed to their organisations by cyber crime.
The alert follows a renewed warning from the National Fraud Intelligence Bureau (NFIB) which found that more than 50% of organisations have been subject to an insider threat attack in the last 12 months, and that 90% of businesses ‘feel vulnerable to a cyber-attack from within their own organisation’. Charities are as vulnerable to insider threats as the private or public sector, the Commission added.
The Bureau points out that insider fraud poses a greater threat than external fraud due to differing access levels to proprietary data and knowledge of an organisation’s inner workings. It warns against insiders with access to confidential data, and says in incidents can go undetected due to lack of proper auditing or data control measures.
Charity Commission research about insider fraud found these crimes were made possible because of poor challenge and oversight, no internal controls or, where controls did exist, not applying them consistently, and too much trust and responsibility placed in one person.
The Charity Commission alert contains three key points of protection and prevention advice:
- When stored electronically, access to sensitive files should be restricted to relevant staff only. Charities should also consider encrypting the documents.
- Charities should monitor employees for abuse of IT systems. Minor misdemeanours have the potential to escalate to serious frauds if they go undetected.
- A charity must have clear policies and procedures in place for dealing with fraud, and ensure that that all of its staff are familiar with them.
- Policies and procedures should make it clear that any unlawful breaches of established policies will be reported to the police and other relevant authorities.