Takara Small, a technology expert, journalist, podcaster and media personality, took the virtual stage during the ACFE’s 2021 Fraud Conference Canada to discuss the importance of a proactive approach toward minimizing fraud risk. Her presentation engaged virtual attendees and emphasized due diligence and education.

Small began by asking viewers if they knew about the “Shirley card,” a card that was used by photographers and videographers in the 1950s and 60s to balance lighting. This card featured a woman with light skin, so the lighting in movies and photos was skewed toward honoring that complexion. At first this anecdote seemed unrelated to fraud, but Small encouraged attendees to think about this as an example of molding something to one’s own specific situation. For example, sometimes an organization may not have the opportunity or financial capability to implement a certain solution, but the best thing they can do is understand their situation and use what they have to reduce fraud risk in any way. 

Experiencing fraud is “a matter of when, not if,” as Small noted. There is no industry that is completely risk-free, and fraud can affect businesses of all sizes and structures. So, Small prefers the language of “reducing risk” rather than “solving problems.” “If we believe that anyone anywhere could potentially be the victim of fraud or cybersecurity risk, then we have to know what to do when it happens,” she noted. The first step in this process is to have good data hygiene by having data policies in place. Additionally, organizations should be able to understand potential threats and should make basic due diligence a top priority.

Understanding the threat means being able to think like a hacker and being able to determine how someone could compromise a company through various levels or entry points. Small warned against always trusting advertisements and sponsored content on media platforms because they might not be the message an organization or news site genuinely wants to put forth. Furthermore, Small encouraged companies to supply employees with tools that will keep them protected, like VPNs or company laptops with updated anti-virus software, since data can be stolen from unsecure networks, especially as people continue to work remotely. 

Due diligence means always going to the source. If a company wants to work with a new client, vendor or third-party, Small recommended the maxim, “trust, but always verify.” Small put forth these tips:

• Ask for references when hiring or when finding a new vendor, and then follow up with those references.

• Peruse product websites to read customer reviews.

• Look at the source code on vendor websites to ensure it’s not just replicated from somewhere else.

• Perform a social media audit to ensure the new hire or new vendor has the company’s interests at heart.

• Flag invoices with changing dollar amounts, different currencies or invoices that don’t list taxes.

• Note any change in payments that don’t have documentation or changes in contracts without any reasoning.

• Don’t fall into the pressure of holiday-time hiring when it may feel that your company has no choice but to hire new vendors or new suppliers because of supply chain demand. Ensure a proper vetting process even during time constraints.

• If you don’t think your customer would feel comfortable with a risk you are making by trusting a vendor without a verification process, don’t take the risk.

Small continued, “There aren’t really hard solutions you can apply to your business right now. Things change so quickly, so I think the best any company, any entrepreneur, anyone with a side hustle can do is to reduce risk at the end of the day.” Another way to do this is to focus on education. Small proposed that customers can be an asset, not just a vulnerability. Companies, then, should include regular training for employees and customers to educate them on what to look for so they can notify the company if they ever encounter anything surprising. Additionally, companies should be able to recognize current and new fraud trends and then share those observations with employees and customers. Small also said it is a good idea for upper management to make sure remote employees have firewalls in place and that they encrypt their data. 

Moreover, Small recognized the need to shrink the trust deficit within organizations. At times, a lack of transparency can degrade trust between employees and employers, especially when people are working remotely and might face miscommunications. Employees need a space to voice concerns and opinions, such as a secure tip line or dropbox. Successful companies should master the ability to use technology and social media to communicate safely with customers and employees, especially when sharing a red flag. For this to work, companies need employee buy-in. This depends on the tone coming from the top of the company. Small also reminded viewers that not everyone who wants to share something with the company has negative information. Some employees may feel more comfortable voicing opinions anonymously, even if the information isn’t necessarily unfavorable.

Being ready for fraud and having a strong company culture shows resilience and preparedness. Just as organizations have a PR plan in place for potential incidents, it’s crucial to face anti-fraud readiness with the same mindset. Small advised that being transparent is the best thing a company can do because they otherwise risk someone else disclosing the information. This isn’t about “shaping the narrative,” she explained, but more about being upfront so customers and employees know they can trust the company. By reducing risk along the way and being transparent if fraud does happen, companies guarantee higher levels of long-term success.