Category

Fraud

Three Potential Fraud Risks–And How to Prevent Them

When many nonprofits were forced to adjust to the new business climate created by the global pandemic, few considered that with the abrupt changes came an increased risk of fraud. As nonprofits worked hard to keep their doors open and find new ways to serve their constituents, raise funds, and conduct business, new areas of risk also opened for many nonprofits.

According to Accounting Today, the risk of fraud greatly increased during the pandemic. In May of 2020, 68% of investigators said they were seeing a rise in fraud. By August, that number had increased to 77%.

The types of fraud varied. Some saw a rise in insurance fraud, while others noted employee embezzlement or intentional fraud connected to financial statements.

Here, we’ll cover three areas of business that, with the changes created by the pandemic, may have opened your organization to additional risk. If you take steps now, you may be able to prevent problems before they arise.

Internal Risk

Many nonprofits relaxed their internal controls as their employees shifted to telecommuting. Employees who wouldn’t dream of stealing from the organization while they were at work may be tempted by an “out of sight, out of mind” attitude when working from home. Sadly, employees may also be struggling with financial strain if a family member lost their job or bills are mounting. These circumstances can tempt even the most honest person to commit fraud.

Changed procedures may also have opened the door for employee theft. What used to require a physical signature may now be approved via the computer. Limits on the amount for which an employee can sign checks may have been changed.

To prevent employee theft and fraud, now is a great time to revisit your organization’s internal controls. Review your policies and decide which controls may be returned to pre-pandemic levels.

Check in with your employees. It helps prevent the “out of sight, out of mind” attitude if employees feel connected to their managers and colleagues. It also lets them know you care and, if they are struggling, they may feel comfortable enough to share it with you. Then, you can choose to help them if possible.

Procurement Fraud

If your nonprofit purchases supplies of any type, you should consider the potential risk of procurement fraud. Procurement fraud can occur in many situations. A new vendor may request payment in advance or partial payment in cash, then skip town without delivering the order. Or they may shortchange an order, pocket the difference between what was ordered and what was delivered, and count on the fact that you have fewer people than normal working on site to catch the difference.

To combat procurement fraud, it’s important to continue performing due diligence with any new vendors. Be sure to physically review all supply orders and compare purchase orders with invoices to make sure everything that was ordered was delivered on time.

Cyber Fraud

Lastly, with the changes created by the pandemic, the risk of cyber fraud may be increased. Many nonprofits had to make do with existing technology to enable employees to work from home. This led to employees using their own devices and potentially using unsecured WiFi. Both can open the door for trojans, viruses, malware, and ransomware.

If your organization rushed into telecommuting, now is the time to take a step back and look at the technology you’re using. Does it support secure remote access? Cloud-based systems offer enhanced security features as well as easy remote access and may be an ideal solution for nonprofits who wish to continue to allow telecommuting.

Some cybercrimes can be prevented through increased awareness and vigilance. Consider adding training for your staff so they can recognize phishing emails and similar schemes used to gain access to your organization’s systems.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

Know Your Scammers – Cyber Fraud Signs

Many of us grew up with Saturday morning children’s cartoons. Is it me, or did every cartoon villain look the same? They always tiptoed towards their intended target and hoisted big empty sacks over their shoulders (the better to cart away their loot!). Everything about them screamed VILLAIN in all-caps. 

Well, of course, it was easy to identify the bad guys in those old cartoons. After all, they were created for children’s entertainment, and kids like things simple. But don’t we all? We all long for it to be easy to identify the “bad guys” out there, and that includes cyber crooks as well as the classic cartoon crooks.

As organizations struggled to cope with the many changes initiated by the coronavirus pandemic, cyber crooks were already on the hunt for their next victim. Many found easy targets among the small businesses, including nonprofits, in turmoil. With the routine of daily interaction among employees gone, no easy way to reach fellow workers to ask questions, and looser security on IT networks to enable employees to work from home, cyber crooks didn’t need to tiptoe around in the dark. They acted boldly, and many succumbed to their lures.

Don’t be caught by cyber crooks this year. Know the signs of cyber fraud and protect your nonprofit from the current scams as well as general scams aimed at stealing your data.

Email Fraud – CDC Fake Emails

It was inevitable that criminals would find a way to exploit people’s trust in the CDC. One common cyber fraud scam sent emails purporting to be from the CDC to organization owners, with a link in the email text encouraging them to click for more information.

Savvy recipients spotted several issues with the “CDC” emails that can help you recognize and avoid such phishing emails in the future.

  • Recipients hadn’t contacted the CDC and wondered how the CDC obtained their email addresses.
  • Sharp-eyed people recognized that when they held their mouse over the CDC link, it pointed to another website. 
  • The wording, spelling, and grammar weren’t quite right in the email. It was as if someone had run the text through Google’s translate feature. (Perhaps they had.)
  • The email requested personal information to respond, including the recipient’s email address and corporate login information. The CDC wouldn’t ask for that information.

These are all signs of a typical phishing email. Other signs include a generic salutation, fuzzy logos (because they are cut and pasted from the web), or fonts that look odd compared to actual communication from the company, firm, or government agency.
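As an added illustration (not part of the original article), two of the signs listed above, a link whose visible text names one site while it points to another and a request for login details, can be checked automatically over an HTML message body. The sample email, its domains, and the function and class names are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body; example.net / example.org are placeholders.
SAMPLE_EMAIL_HTML = """
<p>Dear Sir/Madam,</p>
<p>New guidance: <a href="http://cdc-gov.updates.example.net/login">www.cdc.gov/coronavirus</a></p>
<p>Please confirm your email address and corporate login password to view it.</p>
<p>Read our <a href="https://www.example.org/privacy">privacy policy</a>.</p>
"""
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
CREDENTIAL_WORDS = re.compile(r"\b(password|login|username|credentials)\b", re.I)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> plus all body text."""
    def __init__(self):
        super().__init__()
        self.links = []
        self.text = []
        self._href = None   # href of the <a> currently open, if any
        self._buf = []      # visible text of that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._buf = []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._buf).strip(), self._href))
            self._href = None

def phishing_signs(html):
    """Return human-readable findings for the two signs described above."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and host:
            domain = re.sub(r"^www\.", "", shown.group(1).lower())
            # A real link goes to the shown domain or one of its subdomains.
            if host != domain and not host.endswith("." + domain):
                findings.append(f"link text shows {domain} but points to {host}")
    if CREDENTIAL_WORDS.search(" ".join(parser.text)):
        findings.append("message asks for login details")
    return findings
```

Links whose visible text is not a web address (such as "privacy policy") are skipped, since there is no displayed domain to compare against.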

When in doubt, never click a link. Instead, log into a fresh browser screen and visit the site on your own. If there is no message pertaining to the topic of the email, it’s likely it was a phishing scheme.

Specific Nonprofit Risks

As a nonprofit organization, you’re probably soliciting donations online right now to make up for lost revenues from cancelled in-person events.

However, constituents are bombarded right now with both legitimate and not-so-legitimate requests for funds from charities and fraudsters pretending to be charities.

How can you help them distinguish between actual charitable solicitations and fraudulent ones?

  • Remind constituents that they can always visit your website and donate on their own—they do not need to do so through the link in your email (a cyber crook would never say this).
  • Through your website, continually offer updated information on funding campaigns, progress towards goals, and financial information.
  • Remain transparent with all financial dealings.

The key to helping constituents feel comfortable enough to give online is to maintain clear and honest communications about your nonprofit’s finances. Now is the time to offer great transparency into your organization’s finances and to reassure donors at every step of the way that their money is being put towards the work of the organization.

Mitigating Cyber Security Threats with the Right Technology

Awareness and training go a long way to reduce the risk of cyber fraud, especially phishing schemes like the first one we described. Nonprofits can also reduce their risk by maintaining dedicated VPN lines, special inbound connections with encryption that keep their servers secure.

Overworked IT departments, older software, and similar factors can make your nonprofit vulnerable. Close these gaps now before it’s too late. In 2019, data breaches exposed over 4 billion records, and the companies in the thick of such data breaches found themselves embroiled in months of clean-up work. Not all of these companies were big corporations, either. Small businesses and nonprofits are especially vulnerable because cybercriminals know they don’t have a big team of IT professionals on call to handle cybersecurity.

Take time now to update your systems, review cybersecurity procedures, and work with a company such as Welter Consulting to prevent cyber fraud. Criminals don’t tiptoe through backyards carrying big sacks like in the cartoons. They sneak in through emails, attack vulnerable software, and look for small businesses unable to fight back. The time to shore up your defenses is now.

Simple Steps You Can Take to Prevent Cybercrime

If you’re not taking steps to reduce your risk of cybercrime, you should. Nonprofits aren’t immune to attacks from criminals, and, in fact, the opposite may be true. Many cybercrimes target small businesses and nonprofits because criminals know that these organizations lack resources, such as insurance or IT specialists, to fight back. Instead, they often submit to the criminals’ demands and pay the ransom. The criminals can then head to their next victim without punishment.

It’s time to reduce cybercrime risk by taking proactive steps. While you cannot eliminate the threat from attacks, you can certainly take steps to minimize risk. It’s like installing sturdy locks on the door of your home, an alarm system, and a webcam; it won’t stop someone determined to break in and steal your possessions, but it sure makes it harder for them to do so, and easier to catch them.

Five Tips to Reduce a Nonprofit’s Risk of Cybercrimes

  1. Improve password strength: Please, say goodbye to using “password123” or “namename123” as your passwords. Yes, according to MetroNews, people still use passwords like 1234567. Despite news of security breaches affecting millions of people (and their credit rating), people continue to use weak passwords. Don’t allow this within your organization. Insist that everyone choose strong passwords and change them monthly. Strong passwords are difficult for the average person to guess, do not include common words or phrases, and include capital letters and lower case letters as well as symbols and numbers. Think that’s a tall order? It could save you a great deal of trouble later by making the proverbial “lock on the door” very strong and keeping attackers from easy entry into your database or website.
  2. Review your cybersecurity strength: Conduct a cybersecurity audit or work with us to conduct one. A cybersecurity audit examines all areas of your organization where attackers may gain entry and cause trouble. It also helps you pinpoint things you’re doing right so you can replicate them. AICPA provides a free guideline to help you conduct your audit.
  3. Update your software and website: All software needs to be updated to patch known problems and fix gaps that hackers exploit for nefarious reasons. When your software prompts you that it needs to update, please don’t ignore the message or quiet it and forget it. Websites also need to be updated frequently. WordPress, a common framework used to build websites, typically includes add-on code called plugins, which hackers are known to exploit. These should be checked and updated regularly, which can be done from the administrative panel in WordPress. Other site providers and frameworks have similar places to update software.
  4. Provide training: Train employees to recognize attempts to gain access to systems. Some common things to watch for include phishing schemes, which trick people into revealing passwords through phony reset messages or similar emails; scams that encourage you to click on a link, thus infecting your computer with a virus or similar code; or downloading a ‘free’ item that includes malicious code embedded in it. Another method that criminals use to gain access to company systems is to pretend to be the CEO or another public-facing executive and request information from someone about the system or their password. By teaching your staff all of these methods, you help raise awareness of what they may encounter and encourage the appropriate steps to confirm any requests for passwords and confidential information. Write and document all procedures and provide both training for new employees and refresher training for current employees.
  5. Back up everything: If a security breach occurs, you may be locked out of your systems. It’s a nightmare that some companies face, and it can be costly to fix it. By backing up your systems, you’ll be able to access and replace any information that may be compromised by an attack.

Take Cybercrime Seriously

Take cybercrime seriously. An ounce of prevention is always worth more than a pound of cure.

If you need help with a cybersecurity audit or more information, please don’t hesitate to contact Welter Consulting for information.

Cyber Defense – Five Steps to Improve Your Peace of Mind

If you think you’re immune to cybercriminals because you run a nonprofit organization, think again.

Cybercrimes against nonprofits are more common than you think. According to the Nonprofit Quarterly, there has been a 270 percent increase in the number of attacks against businesses, with small businesses and nonprofits at higher risk than ever before.

Why? It’s simple: easier targets. Criminals know that nonprofits and small businesses are less likely to have the time, patience, and resources to fight back when they’re the target of an attack. They pay up rather than risk the resources, capital, and reputation that might be spent defending against the attack.

It’s been said that the best defense is a good offense. That certainly goes for cyber defenses. There are five things a nonprofit can do to defend against the most common cyber-attacks. Taking these steps may mean the difference between sending an “I’m sorry” email to your constituents and business as usual.

Five Steps to Defend Against Nonprofit Cyber Attacks

There are many things you can do to prepare for and defend against cyber-attacks, but the following stand out as being simple, easy to implement, and within the abilities of most nonprofits.

  1. Educate employees about threats: Keep up to date about the latest types of cyber threats and educate your employees about the signs of such attacks. Employees may not know about ACH attacks, for example, which target them through emails pretending to be from the CEO to gain access to company bank accounts. These and other attacks pose serious threats to nonprofits but can easily be thwarted through education and vigilance.
  2. Encourage reporting of potential attacks: Encourage your employees to ask for help if they think they’ve accidentally clicked on a bad link or given out information to potential cyber thieves. Make it safe to do so and avoid repercussions that could discourage them from reporting. Early reporting of possible breaches enables you to take swift action to batten down the hatches against further problems.
  3. Establish offline ways to confirm financial transactions: Ensure that employees can confirm transactions or the release of vital information offline through a phone call to a senior executive. Offline ensures that a link in a phishing email won’t take the employee straight back to the scammer for confirmation. It also puts in place a series of checks to stop possible mistakes.
  4. Create backup systems and files: The use of cloud-based software, such as cloud-hosted fundraising and donor management software, protects files against viruses on your network by hosting them off your network on a more secure cloud system. Other software, such as Abila Cloud Accounting, secures valuable financial details through controlled access to accounts and financial systems.
  5. Prioritize updates: It’s tempting to click “ignore” when a pesky update notice pops up on your computer. Patches and updates close gaps in software code that can be exploited by thieves, so don’t neglect updates. Conduct regular software updates on all of your systems. Cloud-based software updates automatically and in the background so you don’t have to remember to update it. That’s another reason for choosing cloud systems for accounting, financial management, donor and fundraising management, and more.

Do you remember a television commercial featuring Smokey the Bear? Smokey’s slogan was, “Only you can prevent forest fires.”

Well, only you can prevent cyber-attacks by taking the appropriate steps to protect and defend your organization. If you believe in your mission, then you know it is worth the time and effort to secure valuable resources against external threats like a cyber-attack.
