Fraud is a subject on everyone’s mind these days. We hear almost every day about a new scheme or form of fraud. Unfortunately, government fraud at all levels—from municipal to federal—is everywhere. The purpose of governments is to serve tax-paying citizens. They need to know things about those citizens to provide services. Bad actors want to make an easy buck by taking advantage of the public sector’s outreach to its citizens. This makes for an unsafe situation.
Throw a pandemic into the mix and it becomes dangerous. The threat of government fraud has continued to escalate during the COVID-19 pandemic, which has created the perfect storm. Citizen’s needs have increased as the pandemic shut down parts of the world, impacting employment, housing, healthcare, and other areas, and associated benefit programs.
Recently, governments have become proactive. The old, “pay-and-chase” model, where benefits are paid out in advance and then investigations are launched when fraud is obvious or too late is just not working. There are several areas of opportunity for government fraud that require attention:
Communication channels. How do you connect and interact as a public sector organization with private sector individuals and other public sector entities? Is it by phone, mobile, internet or maybe even fax? Is there a brick-and-mortar component? Unfortunately for many organizations, it’s all the above. Fraudsters are using mobile phones right now and finding new and different ways around authentication.
Threats from inside. We typically think about outsiders working to break in when it comes to fraud. In many cases though we find out that employees or third-party vendors could be involved, either voluntarily or unknowingly.
Multi-modal fraud. An area on the rise is what is called “multi-modal” or “multi-channel” fraud. This refers to when a citizen who may qualify for certain types of benefits falls to identity takeover by bad actor who proceeds to apply for those benefits under that person’s name.
IT mistakes. The unfortunate truth is that most IT organizations are stretched thin. Being in charge of configuring cloud accounts, user access controls, user IDs and passwords, user access controls, and watching the login attempts is a lot of responsibility., Mistakes are going to happen.
How to protect your organization against government fraud
You can protect your organization and the citizens you serve in many different ways, including:
Protecting passwords and making them stronger Including multi-factor authentication is one of the easiest ways to prevent security breaches.
Managing identities and roles beyond password protection is critical. You can use behavioral analytics and patterns like the typical time of day they behavior log in, the geolocation of the login attempt, the device, even the operating system to help ensure a person is who they say they are. Additionally, it’s vital that employees have access only to the systems and data they need to do their job.
Having a backup strategy is another area often overlooked. Most organizations complete backups, but are they done often enough? Are they stored in a safe place, like the cloud?
Educating your employees on protecting their passwords and their physical spaces is especially important. Breaches aren’t typically spiteful or deliberate; employees simply don’t realize that they’re putting the organization at risk with their actions. Once a bad actor has broken into an employee’s workstation—which is the easiest way—they’ve gained access to your entire network.
Keeping hardware and software up to date is often neglected. Making sure every device and application or tool is on the latest version means you’re working with the best protection against fraud. During application development, consider including a check for the latest update. Prompt users to implement available updates before authenticating and proceeding further.
Most importantly, encourage collaboration
This deserves its own section. Big or small, every government organization can have departments and information become pigeon-holed. Everyone is spread thin and short on time. It’s not always convenient to share what they’re seeing and dealing with. Taking the time to set up a regular routine where department heads share threat intelligence would be well worth the effort. If a bad actor attacks an individual or department, odds are they are attacking other areas of the organization.
For instance, the IT department could be sharing with all department heads that they are seeing an unusually high level of login failures. How realistic is it that all your employees and citizens suddenly forgot their passwords? Isn’t it much more likely that fraudsters have implemented a password spraying attack, leveraging passwords they have found on the open web and the dark web to see if they can guess their way into credentials? Having consistent operating routines where each department is accountable for one or two metrics brings these patterns to the surface, where they can be dealt with before they create big problems.
Collaboration makes it easier to recommend and get buy in on technology investments when everyone is working together to address a shared threat. You can then work together to design processes around the tool to ensure everyone is utilizing it to its fullest and maximizing its benefits.
Getting a handle on and addressing all the security threats out there can be a time-consuming task. Most organizations’ IT teams are overwhelmed, and budgets are always a challenge, which reduces your ability to put technology to work. In 2021, a Thomson Reuters survey showed that government leaders said the biggest challenges around fraud protection were related to budget constraints and resources.
The positive news is that companies like Microsoft have put a lot of attention on fraud protection. Developed for internal use (as a top 10 e-commerce company, fraud is a challenge for them, too), the Microsoft Dynamics 365 Fraud Protection is an economical solution that operates in the Cloud and integrates simply with current government systems, enabling them to quickly strengthen fraud protection without impacting their operations. It revolves around adaptive AI technology, meaning it is continuously learning about evolving fraud patterns.
HSO and Microsoft are in the battle to fight government fraud
Microsoft and HSO have teamed up to teach governments more about fraud and how to address it.
Watch this on-demand webinar, Citizen Data Protection: How Your Government Can Ensure Comprehensive Cybersecurity with Microsoft Dynamics 365 Fraud Protection
In this educational webinar, you’ll hear about common challenges, use cases, and solutions from industry experts: Sondra FeinbergGlobal Partners and Alliances Fraud Protection at Microsoft; Betsy Appleby, VP and Global Industry Director of Public Sector at HSO; and Theresa PaytonCEO of Fortalice Solutions and former White House CIO.