Employee fraud and abuse cost companies roughly 5% of their annual revenues on average, but small companies suffer disproportionately higher losses due to their trusting cultures and the relatively broad autonomy enjoyed by their executives and employees.
That’s the conclusion of a recent Forbes article, which noted that small businesses with 150 employees or fewer are the most vulnerable to fraud, “because they lack appropriate internal controls and owners lack awareness of the risks their companies face from insider threats.” The most common fraud types it found were check tampering, payroll and billing schemes, and expense padding.
Discovering such fraud after the fact is hard enough; identifying it beforehand may seem altogether impossible, especially to a smaller company with limited resources.
But there is a way. The article’s author also highlighted a recent study by the Association of Certified Fraud Examiners (ACFE), which found that: “Individuals who are engaged in occupational fraud schemes often exhibit certain behavioral traits or warning signs associated with their illegal activity.”
ACFE’s list of 17 so-called ‘behavioral red flags’ makes for very interesting reading, especially the six most common: (1) living beyond one’s means; (2) financial difficulties; (3) unusually close association with a vendor or customer; (4) excessive control issues or unwillingness to share duties; (5) recent divorce or family problems; and (6) a general ‘wheeler-dealer’ attitude involving shrewd or unscrupulous behavior.
The Haystax for Cyber-Crime Prevention solution uses probabilistic models to analyze a laundry list of individual behaviors that are strong indicators of future fraud, and the behaviors outlined by ACFE are among the ones our models are designed to pick up.
In designing the solution, our data scientists first settled on the concept of trustworthiness as the most important relative indicator of insider risk. The less trustworthy an individual was, their thinking went, the more likely he or she would be to commit fraud, data theft, sabotage, espionage or some other harmful activity.
Working collaboratively with subject-matter experts in psychology, financial fraud, threat intelligence, criminal behavior and other related subjects, the data science team captured their insights and judgments and encoded them into a model of trustworthiness in all its forms.
Haystax software engineers then integrated this expert model into a user behavior analytics (UBA) platform that can ingest data relating to professional and personal indicators of employee trustworthiness, such as reliability, credibility, conscientiousness, financial and job stability, respect from colleagues, lack of a criminal record, etc.
Data from diverse internal company sources (HR reports, travel/expense records, network logs) and public records is applied to the model. The results — essentially a prioritized scorecard of risk across the workplace — are presented to a security analyst, who can then use Haystax’s in-built workflow tools to triage, investigate and respond to the biggest threats. Every time new data is applied, the risk scorecard is updated.
This enterprise-strength UBA tool gives our small and medium-sized business (SMB) clients a way to anticipate and mitigate all types of cyber and physical risk — including threats posed by trusted employees, vendors and contractors — regardless of whether the actors are malicious, intentionally negligent or simply unaware of their actions.
To be sure, as the Forbes article points out, there are critical policy, procedural and cultural standards that every SMB should put in place as well, from conducting fraud risk assessments to segregating financial responsibilities to cultivating a culture of integrity.
But in the spirit of ‘Trust But Verify,’ those assessments and cultural norms could benefit from being augmented with some low-cost but powerful UBA tools as a way of getting ahead of any looming insider threat.
Note: Why wait until employee fraud has hit your firm? Haystax built its Cyber-Crime Prevention solution for precisely the kinds of threats and vulnerabilities found in SMBs.