If you thought your nonprofit was safe from fraud and embezzlement, think again. According to a Washington Post article, thousands of nonprofits have found “diverted funds”. The Association of Certified Fraud Examiners ranked charities, religious organizations and social services as #19 in its 2012 report of Occupational Fraud & Abuse, with median losses amounting to $85,000.
If that weren’t bad enough, there are plenty of bad headlines that discourage and frighten donors and those providing grants, such as:
- Raleigh non-profit to stay open despite fraud charges
- Nonprofit leader charged with fraud
- Nonprofit organizations seeing more problems with fraud
- Small and Informal and Vulnerable to Fraud: A Warning
Then there’s the NPR follow-up story about fraud, which focuses on the more than a thousand nonprofits across the nation that have each acknowledged losses of a quarter million dollars or more because of theft, investment fraud, embezzlement or other unauthorized use of funds.
How Fraud Happens
Nonprofits are a favorite target of cyber criminals. According to Verizon’s 2011 Data Breach Investigations Report, this is because “hackers favor highly automated, repeatable attacks against these more vulnerable targets or possibly because criminals are opting to play it safe in light of recent arrests and prosecutions of high-profile hackers.” Nonprofits are generally less likely to have deterrents in place or to spend time on prevention.
Cyber criminals look for vulnerabilities they can exploit. Your nonprofit is at risk if it:
• Uses checks or takes checks. Cyber attackers duplicate checks with your routing number and cash them. If they’re your checks your money vanishes; if you cash them, you can lose your money, too. The bank may replace some but not necessarily all.
• Uses credit cards or takes credit cards. Same as checks.
• Uses software, even software in the cloud. Software can open a “back door” that a cyber criminal can use, or it can become infected and infect others.
• Uses passwords — especially if you use the same ones for everything or don’t change them often enough.
• Sends and receives emails — they can infect you and others as well as cause problems with other systems.
• Has firewalls that aren’t strong enough or that aren’t kept current.
• Puts fuel in a vehicle, uses an ATM, or has or uses any kind of point-of-sale device, including “self checkout” devices.
According to the Verizon study,
• Physical attacks that involve card-skimming by manipulating automated credit card devices (such as gas pumps and ATMs) are on the rise, doubling each year since 2009.
• Hacking and malware are the most common forms of attack. Malware, malicious software programs designed to infiltrate and damage computers without the user’s consent, resulted in 80% of lost data in 2010.
• Stolen passwords and credentials are out of control and cause the most problems when it comes to cyber security. Those hardest hit are financial services, hospitality, and retailers.
Cyber criminals steal a nonprofit’s good name and reputation. Just the threat of cyber terrorism makes employees, clients and donors afraid, vulnerable, and less productive.
It Takes a Community to Fight Fraud
Unfortunately, fraud is easy unless you take steps to prevent it. TeamNFP created Positive Pay TM8 and Check Clearing TM8 to help, but it starts with a commitment to stay alert so that you do not become a victim.
Defeating cyber criminals takes three C’s: community, control, and commitment.
- Community — The more the whole nonprofit community voluntarily shares information on these attacks, the less likely others will be victims.
- Control — Fraud controls need to be part of every department and written into every employee job description. They need to include setting up internal protection systems, training staff on them, and monitoring them. Nonprofits must also have controls in place to monitor how well their strategic allies and providers protect the nonprofit from fraud. They should choose to do business with providers that offer great products, exceptional service, and responsible fraud controls.
- Commitment — This is not something you can do once and forget. Cyber criminals who commit fraud keep getting better. Your nonprofit needs to stay ahead. Every day and in every way you have to fight back. We do recommend that you keep up with scams by regularly consulting the Better Business Bureau website.
What are you doing about it?
- Start by asking your TeamNFP Certified Business Partner to schedule a demo of fraud prevention and security software such as our Positive Pay 4.0 TM8 and Check Clearing TM8 1.1. If you do business overseas, you might also want to look at Multi-Level Checks TM8 3.0 and International Wire Transfer TM8 1.0.
- Review your accounts at least daily.
- Monitor employees and vendors — that cyber criminal could be your longest-serving, most loyal person, the one you trust the most.
It’s too bad that we can’t just do our jobs and trust people. We wish it were different, too. But, it’s not. Be careful.
Pass this information on to everyone!