This text is part of the special section Artificial Intelligence and Cybersecurity
Presidential fraud, phishing, ransomware, data theft: fraud committed by an internal or external person is on the rise in Canadian SMEs. No less than 75% of them have been victims in the last year, according to a KPMG Canada survey. However, investments in training in cybersecurity and protecting yourself from attacks are not always there.
“Fraud attempts have increased significantly in recent years — we can easily see this just by looking at our text messages — so there is a greater risk that someone will take the bait,” says Myriam Duguay, associate in the Forensic Accounting group. of KPMG in Canada.
The Canadian Anti-Fraud Center also received more than 90,000 fraud reports in 2022 for losses of $530 million, compared to 379 million in 2021 and 165 million in 2020. However, the same KPMG survey reveals that 87% of SMEs claim to have implemented a program to prevent, detect and manage fraud.
“However, they can have gaps, and fraudsters are always more and more astute,” notes Myriam Duguay. Then, the smaller the company, the fewer financial and human resources it has to prevent fraud. Large, robust and well-established anti-fraud programs are mostly in large companies. »
The risk of cutting training
Novipro, a technology solutions provider, surveyed Canadian companies of different sizes in March and found that due to concerns such as inflation and recession, their technology investments have decreased. If, in 2019, 92% of companies had planned, the proportion is now at 76%. This has consequences for cybersecurity, as 59% of employees currently have training in the field, compared to around 74% in 2019.
“However, employee training is what is the simplest and most affordable to implement, but it must always be renewed,” says Martin Pelletier, co-owner and head of strategy at Novipro.
Myriam Duguay is of the same opinion. “The greater the awareness, the less risk there is of having victims,” she said. There are still many people who click on links, or pay an account to a fake provider. »
What she advises employees is, if in doubt, to cut off communication and contact the person through another means. “For example, if a supplier’s accounting person sends an email with an unusual request, we call them directly at the phone number we have on file to verify,” she explains. This costs nothing and bypasses the fraudster. But, to develop this reflex, employees must be made aware of it regularly. »
She adds to this the importance of having a crisis management plan to act quickly in the event of fraud, as we do for other disasters, such as a fire at the head office, or a flood. “You have to know who the right people are to take charge of the situation, how to manage the confidential, reputational, legal aspect, etc. Having a plan will make all the difference. »
Technologies you need to know to protect yourself
There are also a host of technologies to be aware of when it comes to fraud prevention. “There are very simple elements, like tools to prevent employees who have a company laptop at home from installing personal stuff on it, like Netflix or games for their children,” says Martin Pelletier. This eliminates risks. And of course, always update software, because they plug security holes. »
There are also other, more advanced technologies for prevention, such as those that send an alert on exceptions. “For example, if an employee sends an email from their professional address to their Gmail or Hotmail address,” says Myriam Duguay. Or if he makes a transaction for more than $100,000 when normally, they are more modest. Or if a transaction is carried out at an unusual time. This does not mean that the employee is committing fraud, but it must be checked. Because the sooner we catch a fraudster, the more we reduce the impact. »
But, before investing in any technological solution, the important thing is to carefully target the risks and controls in place. “You have to make sure you know what the biggest, most likely risks are in your business and what controls you have put in place to minimize them,” explains Myriam Duguay. A third of fraud in organizations is linked to a lack of control. And often, senior management was not even aware of this risk and they say: if I had known! »
This content was produced by the Special Publications team at Duty, relating to marketing. The writing of the Duty did not take part.