Charities, social enterprises and other not-for-profit organisations are just as vulnerable to fraud as commercial businesses. In the age of online banking and remote working, the threats may be less visible but they remain ever present. Being aware of the risks and taking proactive measures to prevent fraud are crucial to protecting your organisation’s money and reputation.
To mark this year’s Charity Fraud Awareness Week 2021 (18-22 October), I’m sharing four ways to help you stay secure and protect your organisation from cyber-crime.
1. Understand cyber-crime threats
With fraud threats constantly evolving and becoming ever more advanced, knowing the ways fraudsters may try to target you can help keep your organisation secure. Here are examples of a few of the more common types of fraud:
- Social engineering: Fraudsters will prey on your trust and goodwill to trick you into sharing financial information or transferring money.
- Invoice fraud: Criminals pose as a supplier to your organisation and make a fraudulent request for their payee details to be changed.
- Malware, spyware and ransomware: Criminals install malicious software on your computer to access and steal your data, take control of your devices, or prevent you from accessing critical operating systems.
- Phishing and scam emails: Criminals send you emails containing suspicious attachments or links to malicious websites, where you’re tricked into providing personal or financial data.
- Vishing and phone scams: Callers claim to be bank staff, police or other trusted bodies and ask you to divulge your bank account details or other confidential information.
Learn more about the different types of cyber-crime.
2. Know how to spot banking fraud and other scams
Banking scams use deception to gain your trust. Fraudsters will typically attempt to persuade you to share, confirm or change sensitive information, so they can access your bank account and steal your money.
One common type of scam is the Authorised Push Payment (APP) scam, also known as the bank transfer scam. Other types include impersonating a CEO or director by email to authorise a transfer, posing as an existing supplier to request their details be changed, or tricking your mobile network into transferring your phone number to a criminal’s SIM card.
Look out for pressure tactics, unfamiliar sources of instructions, unusual messages from a known source, or changes to a payee’s bank account details.
Find out more about what to look out for to avoid banking scams.
3. Follow your financial controls
If fraudsters target your organisation, your internal controls could make all the difference. Indeed, many fraud attempts are foiled by organisations stringently following their financial procedures.
However, the robustness of financial controls can be compromised by a lack of rigour internally. Here are seven tips to ensure they are properly understood and observed by all:
- Make sure your procedures are clear and easy for your staff and volunteers to follow
- Verify payment instructions every time, even when they seem genuine. Try to do this in person if possible, or else by phone using a known number
- Match payment requests with approved purchase orders
- Read terms carefully before accepting them and put in place clear levels of authorisation for ordering goods and services
- Protect your systems against ransomware attacks with anti-virus software, regular system updates and awareness of social engineering and phishing emails
- Ensure important data is backed up regularly. Make sure the back-up media – cartridge tapes or removable disks – are stored offline, disconnected from other systems
- Build a fraud awareness culture and ensure your staff and volunteers are aware of the latest threats and how to spot them
Read more about the importance of financial controls and how to check them.
4. Take precautions when working online or remotely
You can’t control the actions of fraudsters. But you can follow a few simple tips to help keep you and your organisation safe and secure when working online.
Here’s how you can help safeguard your computer and other devices, personal details and financial information:
- Be clever with passwords: craft something memorable, unique and complex
- Add layers of safety: use multiple systems such as passwords, two-factor authentication, anti-virus software and regular software updates to create several layers of protection
- Pay attention to detail: spotting a fake website or email is all in the details and these can easily be overlooked
- Keep operating systems and software updated: a simple but effective action for increased security, as is installing anti-virus software
Find out more about avoiding online fraud.
Preventing fraud in the charity sector may seem like a tall order. However, by making your staff and volunteers aware of the threats and building preventative measures into your processes, you can help safeguard your funds and your organisation’s reputation.
Dina Henry is Chief Operating Officer at CAF Bank