PYMNTS Intelligence: How SMBs Can Fight the Fraud Threats of Remote Work

Remote working was a boon to businesses during the pandemic, as technology allowed many companies to remain productive when much of the world was shutting down. Along with greater technological dependence, however, came greater threats to organizations, such as cyberattacks, data breaches, fraud, bribery and corruption. The widespread use of personal devices, unsecured networks and unprotected software created a broad attack surface through which bad actors could prey on employees, posing significant risks to whole organizations.

While external threats such as cyberattacks emerged as the single most disruptive fraud risks during the digital shift, remote work also put companies at greater risk from internal threats. When misconduct was the most disruptive fraud type, it was more than twice as likely to come from internal than external sources. More importantly, unintentional internal threats arising from human vulnerability — including poor security habits and susceptibility to social engineering tactics — work hand in hand with external threats to form the most common cause of data breaches.

Greater Security Challenges in a Remote Work Environment

While research found that 88% of SMBs are concerned about damaging attack vectors such as ransomware, the initial compromise in a remote work environment generally comes from employees clicking on malicious links or unwittingly providing credentials to bad actors. Breaches often result from fraudsters deceiving employees with phishing schemes seeking personal information. The primary source of payments fraud, meanwhile, is business email compromise (BEC), in which criminals pose as legitimate entities or executives to mislead employees into making fraudulent B2B payments.

Invoice fraud, for example, involves the diversion of payments through replica emails made to look as if they come from familiar suppliers or other known sources. A report noted that U.S. businesses are losing an average of $300,000 per year to invoice fraud, with 25% of finance professionals unable even to hazard a guess at these losses due to opaque processes and sloppy paper trails.

Business Travel Elevates Risks

With business travel taking off again, more employees are using devices and networks that are not secure. Companies with more employees working remotely face greater costs resulting from data breaches, and the U.S. has emerged as the biggest target for fraudsters. With two in five remote employees transferring unsecured data from their company’s system to personal accounts, vulnerabilities can be nearly impossible to avoid. Employing zero-trust access with multifactor authentication is crucial in this environment, and with bring-your-own-device models growing 58% since 2020, companies must address remote policies and monitoring, or else risk employees’ data security.

How SMBs Can Shore up Their Defenses

Unfortunately, most businesses still rely on single-factor usernames and passwords for user authentication. With leaked credentials such as these regularly available to criminals on the dark web, the first step businesses should take to secure their remote workforces is to implement multifactor authentication. A similar due-diligence strategy to mitigate BEC fraud would involve confirmation of payment requests before money transfers are possible. Staff training is also essential to raise awareness of phishing and BEC schemes as well as best security practices such as good password hygiene.

Finance, IT and security teams must work in concert to protect payment systems beyond the standard network, server and data security, automating processes to allow for no errors. Technology partners can help alleviate costs for SMBs. Companies that adopt a proactive, multilayer approach to securing their distributed workforces will be best prepared as the new work landscape continues to unfold.