Most of what you know about insider fraud is wrong

In a nutshell: Most of us are aware employee fraud is on the rise. But it’s not bogus jobseekers trying to get onto the payroll that ought to be keeping you up at night. The biggest risks already lie inside your business. “Most organisations carry out pre-emptive screening, yet most insider attacks are initiated by a permanent member of staff,” says Professor Rona Beattie of Glasgow Caledonian University. The average fraudster has been on the staff for eight years, says CIFAS research. “In many cases, the psychological contract has been broken,” says Beattie. “People haven’t got the recognition they believe they deserve or the promotion they wanted, and they take it out on their employer.” Why does it matter? Organisations with strong policies and good line managers are less vulnerable to attack. But when Beattie surveyed HR professionals, only 15 per cent thought their training and guidance on the topic was adequate. If managers are trained to spot changes in behaviour – the extrovert employee who’s suddenly gone quiet, unexplained changes to working hours, attempts to access restricted files – they can head off danger, particularly across sensitive roles such as those with access to financial controls. None of this means fostering a culture of suspicion. Vigilance is important, but it shouldn’t get in the way of a trusting and collaborative culture. Employee attacks are still rare, and the staff member who’s turning up early probably needs to pick their kids up from school later. Given the potential losses, however, it pays to ask the question, says Beattie: “Ninety nine times out of 100 there will be an innocent explanation. But can you risk the other one?”