Fraud is a serious problem and is not restricted to commercial organisations alone. In fact, evidence suggests that charities are targeted more than ever because they are perceived by fraudsters to be more vulnerable.
The Charity Commission is aware of charities’ vulnerabilities and has set up a useful website, http://charitiesagainstfraud.org.uk/, to improve trustees’ and trust directors’ awareness.
Trustees have a duty to protect their charity’s resources. They are expected to have put in place suitable measures to identify, combat and prevent fraudulent activities. The website suggests that trustees ask themselves 10 questions:
- Do we understand our financial systems and data, and what “normal” looks like?
- Do we have regular and frank conversations with delivery partners?
- Do we conduct pre-employment screening and in-service checks on staff?
- Do we encourage staff and volunteers to voice concerns?
- Do we run process test checks and observe jobs in action?
- Do we have an anti-fraud policy and code of ethics?
- Do we conduct an annual fraud risk review?
- Do we understand what fraud is and what our responsibilities are?
- Do we promote fraud awareness and understanding?
- Do we have a response plan ready so everyone knows what to do?
Cyber fraud is on the increase. The government estimates that 70% of all fraud is now committed online. It can be complex and difficult to detect and normally involves hacking into your system or taking your identity. Here are 10 steps to protect yourself in cyberspace:
- Make sure that your network is protected by a suitable firewall and that malware protection is kept up-to-date (cyber criminals are constantly attempting to defeat protective defences);
- Apply updates and patches at the earliest opportunity to limit exposure to software vulnerabilities;
- Make sure that all access to your programs is protected by strong passwords, and that these are known only to essential personnel and are changed frequently;
- Use a hierarchy of passwords so that, for example, only the financial controller may access the accounts system and bank account;
- Make sure that all users are trained to accept (and open) emails only from known sources;
- Remove unnecessary software and default user accounts (these are often supplied with the software, and often no attempt is made to remove them to prevent access);
- Restrict the access that mobile devices such as tablets and mobile phones have to critical services such as the accounting system or online bank accounts;
- Make sure that the network configuration is secure, restricting system functionality to the minimum required for operational needs, and that this applies to every device that is used to conduct business;
- Make sure that staff are trained to prevent and recognise cyber activity;
- Impose “perimeter defences” to block unnecessary access to insecure websites, or only allow permitted websites to be accessed.
If you require assistance with suitable security measures or a review of your system, please contact Ian Smith on 0191 281 1292 or your usual Rycroft Glenton contact.