Many companies have taken their operations remote over the past year, and it is becoming clearer as 2021 progresses that a sizable share will keep them that way — even as brick-and-mortar locations reopen. Seventy-eight percent of CEOs agree that remote working and collaboration will persist for the long term, illustrating just how pervasive this shift has been across industries.
Fraudsters have also noticed this trend, however, and are eager to capitalize on firms’ weak points as businesses reorganize their staff and payment processes to accommodate virtual work. Eighty-four percent of AP teams are now either working from home or busy creating work-from-home protocols, which could leave many of their processes vulnerable to bad actors. This includes opening themselves up to fraud perpetrated by their own employees, who may be emboldened to embezzle funds or attempt other misdeeds while away from their brick-and-mortar offices.
Blocking payments fraud or illicit transactions has always been a top concern among companies, and this threat has grown more pervasive since the broad migration to remote work opened doors for employee theft as well as external attacks. Small- to midsized businesses (SMBs) in the United Kingdom lose approximately £93 million ($131 million) to invoice fraud annually, for example, and phishing attacks rose 667 percent in the past year. Ninety-three percent of fraud professionals in a recent study said that they would likely see a jump in the overall level of fraud attempts at their organizations in the future.
The following Deep Dive analyzes the challenges that companies and AP teams have faced during the transition to remote work as well as the security threats, both internal and external, that have emerged as a result. It also examines key steps that firms’ financial departments can take to mitigate these cybersecurity issues and manage remote workforces.
Closing The Remote Work Processes
This means companies must be sure to protect against both external threats as well as internal security weak points. Failing to protect against employee fraud had severe financial consequences even before the jump to remote work accelerated, with one recent study finding that a single case of occupational fraud can take companies 14 months to detect and cost $8,300 on average. Many companies are also experiencing growing losses in private data or intellectual property, with another study finding that intellectual property losses have reached $600 million annually.
Firms must revamp how they approach online security to ensure employees cannot make off with sensitive data or company funds, but this requires adjusting security processes to suit the remote new normal. Brick-and-mortar offices tend to run computers or other employee devices on protected networks, but this is not possible for many remote workers. Many employees instead utilized their personal laptops or devices to conduct work-related tasks or share sensitive data during the initial shift to remote operations, dramatically increasing the risk of internal as well as external fraud. A February 2021 study found that 61 percent of remote employees were using their personal devices for work, for example, while just 9 percent said their employers had provided them with antivirus software to protect their devices from fraud.
Inadequately protected personal devices represent only one weak point that internal and external fraudsters can exploit. Firms are also adjusting their in-office payment processes to run smoothly and securely in a remote setting, and another recent study found that 62 percent of insider fraud originates from “negligent” fraudsters — those who are not approaching their companies’ payment processes with the proper care and caution. The disorganization that can occur when companies switch to remote payment processes has only exacerbated this risk. Thirty-nine percent of AP professionals state that the past year’s developments have affected how they manage their typical operations, and 31 percent say establishing certain payment approval or invoicing processes for remote teams remains a top focus.
Research reveals just how critical it is for companies to protect these AP processes or other cash flow management functions as they adjust to running them remotely. Twenty percent of AP team members in one study declared that combating payments fraud was their top focus. Companies must reimagine the fraud-fighting strategies they are using to ward against schemes from their own employees as well as external actors, however, including examining how automation can enhance digital security.
The Importance Of Automation For Next-Gen AP Operations
Firms can take several steps to protect their virtual AP processes, and automation can be particularly helpful. Many financial institutions (FIs) already utilize artificial intelligence (AI) to guard their systems from fraudsters, with recent PYMNTS data finding that approximately 54 percent of FIs have tapped the technology to steel their payments processes against cyberattacks. Sixty-seven percent of banks said that smart agent AI, in particular, can improve customer satisfaction. Adopting automated AP processes and AI comes with distinct advantages, including speedier invoice approvals and the ability to easily distinguish between real and false invoices. Automation can help businesses parse data more swiftly than human employees could, allowing them to ferret out suspicious patterns or details that could indicate fraudulent invoicing or other forms of fraud.
Companies must examine how automated AP processes and related technologies could protect their payments and their data, especially as the threat of fraud from outside and from within grows more insidious. Firms must swiftly adjust their cybersecurity strategies to match their new needs, however, lest they risk leaving themselves open to fraud.