Fraud is a topic on everyone’s mind these days. It seems there is a new story every day about a new scheme or form of fraud. Unfortunately, government fraud at all levels—from municipal to federal—is very serious. Since the reason for the existence of governments is to serve tax-paying citizens, they need to know things about those citizens to provide services. And bad actors are looking for how to make a quick buck by taking advantage of the public sector’s outreach to its citizens. This makes for a dangerous combination.
Then add a pandemic to the mix. The threat of fraud to governments has continued to increase during the COVID-19 pandemic, which has created the perfect storm. Citizens’ needs continued to increase as the pandemic shut down parts of the world, affecting employment, housing, healthcare, and other areas and associated benefit programs.
Now more than ever, governments need to become proactive, moving away from the old “pay-and-chase” model, where benefits are paid out in advance and investigations are launched only once fraud is obvious or it is too late. Here are some areas of opportunity for government fraud that require attention:
- Channels of communication. How do you engage and interact as a public sector organization with private sector individuals and other public sector entities? Phone? Mobile? Internet? Is there a brick-and-mortar component? Unfortunately for many organizations, it’s all of the above, including fax machines. Mobile phones are a very popular vector right now for fraudsters, who are finding new and different ways around authentication.
- Internal threats. When we think about fraud, we typically think about outsiders working to break in. It’s important, however, to remember that employees or third-party vendors could be involved, either voluntarily or unknowingly.
- “Multi-modal” fraud. An area where fraud is on the rise is what is called “multi-modal” or “multi-channel.” This refers to when a bad actor steals the identity of a citizen who could qualify for certain types of benefits and proceeds to apply for those benefits under that person’s name.
- Common IT mistakes. This is just a fact: Most IT organizations are stretched thin. When a team is responsible for configuring cloud accounts, user access controls, and user IDs and passwords, and for watching login attempts, mistakes are going to happen.
Protecting against government fraud
There are many ways to protect your organization and the citizens you serve, including:
Strengthening and protecting passwords addresses the biggest contributor to security breaches, and the easiest one to fix. This also includes implementing multi-factor authentication.
Identity and role management beyond password protection is critical. To help ensure a person is who they say they are to avoid account takeovers, you can use behavioral analytics, like the typical time of day they log in, the geolocation of the login attempt, the device, even the operating system—anything that can confirm a pattern of behavior. In addition, it’s important to ensure employees have access only to the systems and data they need to do their job.
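The behavioral check described above can be sketched as a per-user baseline plus a weighted deviation score. This is an added example, not code from the original article or from any product it mentions; the login history, weights, thresholds, and function names are all constructed assumptions.

```python
# Constructed login history for one hypothetical account:
# (hour_of_day_utc, country, device_id, operating_system)
HISTORY = [
    (8, "US", "laptop-41", "Windows 11"),
    (9, "US", "laptop-41", "Windows 11"),
    (9, "US", "phone-07", "iOS 17"),
    (10, "US", "laptop-41", "Windows 11"),
    (17, "US", "phone-07", "iOS 17"),
]

# Assumed weights: an unseen country counts for more than an unusual hour.
WEIGHTS = {"hours": 1, "country": 3, "device": 2, "os": 1}


def build_baseline(history, hour_slack=2):
    """Collect the values seen so far; hours get +/- hour_slack of tolerance."""
    hours = set()
    for hour, *_ in history:
        hours.update((hour + d) % 24 for d in range(-hour_slack, hour_slack + 1))
    return {
        "hours": hours,
        "country": {row[1] for row in history},
        "device": {row[2] for row in history},
        "os": {row[3] for row in history},
    }


def score_login(baseline, login):
    """Return (score, deviations) for one login attempt against the baseline."""
    hour, country, device, os_name = login
    observed = {"hours": hour, "country": country, "device": device, "os": os_name}
    deviations = [k for k, v in observed.items() if v not in baseline[k]]
    return sum(WEIGHTS[k] for k in deviations), deviations


def decide(score, step_up_at=2, review_at=5):
    """Map a score to an action: allow, ask for a second factor, or hold."""
    if score >= review_at:
        return "hold-for-review"
    if score >= step_up_at:
        return "step-up"
    return "allow"


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for attempt in [(9, "US", "laptop-41", "Windows 11"),
                    (9, "US", "laptop-88", "Windows 11"),
                    (3, "RO", "unknown-99", "Linux")]:
        score, why = score_login(baseline, attempt)
        print(attempt, score, why, decide(score))
```

A login that matches the pattern passes silently, a single new device triggers a second-factor prompt, and a login that deviates on every signal is held for review.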
Having a good backup strategy is another area that is often overlooked. Most organizations do backups, but are your backups done often enough? Are they kept in a safe location, like the cloud?
Educating employees on protecting not only their passwords, but their physical spaces as well is very important. Breaches aren’t typically malicious or intentional; employees simply are not aware that they’re putting the organization at risk with their behavior. Once a bad actor has broken into an employee’s workstation—which is the easiest way—they have access to your entire network.
Keeping software and hardware up to date is often overlooked. Ensuring every device and application or tool is on the latest version means you’re working with the best protection against fraud possible for that tool or device or application. When doing your application development, consider including within that design a check for the latest update. If a user has an update available, prompt them to implement it before authenticating and proceeding further.
Most importantly, encourage collaboration
This deserves its own section. Even the smallest government organization is big enough that departments and information become siloed. Everyone is busy and doesn’t have time to share what they’re seeing and dealing with. But taking the time to set up a regular, repeatable routine where department heads share threat intelligence would be well worth the effort. If a bad actor attacks one person or department, they are most assuredly attacking other areas of the organization.
For example, the IT department could be letting all the department heads know that they are seeing an unusually high level of login failures. It is very unlikely that all your employees and citizens suddenly forgot their passwords and much more likely that a fraud organization has implemented a password spraying attack, leveraging passwords they have found on the open web and the dark web to see if they can guess their way into credentials. Having repeatable operating routines where each department is held accountable to one or two metrics brings these patterns to the surface, where they can be addressed before they cause big problems.
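To turn the login-failure signal above into something a team can act on, the detection sketch below separates the spraying shape (one source failing against many accounts, a try or two each) from a single user who really did forget a password. It is an added example, not code from the original article; the events, IP addresses, thresholds, and function names are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def build_sample():
    """Constructed events: (timestamp, source_ip, username, success)."""
    t0 = datetime(2024, 1, 15, 9, 0)
    # One source, six accounts, one failed try each: the spraying shape.
    spray = [(t0 + timedelta(seconds=40 * i), "203.0.113.7", f"user{i:02d}", False)
             for i in range(6)]
    # One user mistyping a password five times, then succeeding.
    forgot = [(t0 + timedelta(seconds=30 * i), "198.51.100.20", "jdoe", i == 5)
              for i in range(6)]
    return spray + forgot


def detect_spray(events, window=timedelta(minutes=10),
                 min_accounts=5, max_per_account=2):
    """Return {source_ip: accounts} for sources whose failures inside one
    sliding window hit many distinct accounts with few tries per account."""
    failures = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            failures[ip].append((ts, user))

    flagged = {}
    for ip, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the left edge so the window never exceeds `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in items[start:end + 1])
            wide = len(per_user) >= min_accounts
            shallow = max(per_user.values()) <= max_per_account
            # Keep the widest matching window seen for this source.
            if wide and shallow and len(per_user) > len(flagged.get(ip, [])):
                flagged[ip] = sorted(per_user)
    return flagged


if __name__ == "__main__":
    for ip, accounts in detect_spray(build_sample()).items():
        print(f"possible password spray from {ip}: {len(accounts)} accounts")
```

The window and thresholds are starting points to tune against an organization's own baseline of failed logins.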
Also, collaboration makes it easier to suggest, recommend, and get buy-in on technology investments because everyone is working together to address a shared threat. With everyone’s buy-in and confidence in a tool, for example, you can then work together to design processes around the tool to ensure everyone is utilizing it to its fullest, fine-tuning it and the process to focus on the biggest threats for the maximum benefit.
Look to technology to help extend resources and budgets
Getting a grasp on and addressing all the security threats out there can be an onerous task. Most organizations’ IT teams are stretched thin as it is, and budgets are always a challenge, which limits your ability to put technology to work. In fact, in a 2021 Thomson Reuters survey, government leaders said the biggest challenges around fraud protection were associated with budget constraints and resources.
The good news is that companies like Microsoft have put a lot of focus on fraud protection. Originally developed for internal use (as a top 10 e-commerce company, fraud is a challenge for them, too), Microsoft Dynamics 365 Fraud Protection is a cost-effective solution that operates in the cloud and integrates quickly and simply with existing government systems, enabling them to rapidly strengthen fraud protection without impacting their operations. It revolves around adaptive AI technology, which means it is continuously learning about evolving fraud patterns.
Learn more about battling government fraud with HSO and Microsoft
Microsoft and HSO have teamed up to educate governments on fraud and how to address it.
Watch this on-demand webinar, Citizen Data Protection: How Your Government Can Ensure Comprehensive Cybersecurity with Microsoft Dynamics 365 Fraud Protection
In this educational webinar, you’ll hear about common challenges, use cases, and solutions from industry experts: Sondra Feinberg, Global Partners and Alliances Fraud Protection at Microsoft; Betsy Appleby, VP and Global Industry Director of Public Sector at HSO; and Theresa Payton, CEO of Fortalice Solutions and former White House CIO.
Contributor: Petra Eimiller