Criminals won't go easy on them.
Only 9% of charities in the UK have a fraud awareness training programme, despite 69% of them regarding fraud as a major risk to their sector. So says a new report from the government, which shows the extent to which charities are vulnerable to fraud.
The report, Preventing Charity Fraud: Insights and Action, is based on the results of a survey carried out by the Charity Commission, partnered by the Fraud Advisory Panel. It’s a follow-up to another survey carried out in 2009, but with extended scope. In fact, it’s the largest ever analysis of fraud against UK charities.
A huge amount of money flows in and out of British charities, with an estimated £80 billion being spent every year. That makes them an appealing target for criminals. And according to the report, “The strong ethos of trust common to charities can make them more susceptible to fraud than similar sized public or private sector organisations.”
The most common types of fraud that charities fall victim to are mandate/CEO fraud (18%) and fraud related to abuse of position (12%). CEO fraud is commonly used by cyber criminals via phishing emails and inbox hacks. However, a large number of fraud cases don’t involve external parties at all, but rather people known to the victims. In fact, 53% of charities who were defrauded knew the person who committed the crime.
Shockingly, these crimes can often go on for months. The survey found that 60% of fraud cases occurred over a six-month period, and 5% went on for more than two years.
The majority of frauds (59%) cost less than £1,000, but the report’s case studies indicate costs can be much, much higher. For example, one charity had £845,000 stolen by one of its treasurers, who it later emerged had 15 previous fraud-related convictions. Another charity paid £55,000 to criminals, after being tricked by a spear-phishing campaign, involving accurate and convincing information about its financial director.
Of course, any level of fraud should be avoided. Although most incidents are small in value, not acting to prevent them could result in an escalation of their frequency and seriousness.
So what should charities be doing? For a start, they need to vastly improve their awareness of fraud and types of fraud. They also need to make sure they have policies and procedures in place to both prevent and respond to fraud. Technology, meanwhile, can help with fraud prevention and reporting. Email filtering solutions, for example, can put a major dent in criminals’ phishing attempts. And document, user and device management systems can help to keep track of employees, volunteers and trustees, flagging suspicious or otherwise unsafe behaviour.
It’s important, of course, to be realistic about which security to implement. Top-of-the-range cyber security may be beyond the budget of smaller charities, and they probably won’t have the resources to hire a full-time security specialist. It may also be more difficult to arrange suitable fraud awareness training for staff.
There are, however, solutions and methodologies to suit all budgets. The trick is to find what works for your organisation and what offers the best value.
Call TMB on 0333 900 9050 to find out how our cyber security solutions and expertise can help your charity or business avoid falling victim to fraud.