User Review( votes)
Today more than ever, fraud is a topic on everyone’s mind. Government fraud at all levels—from municipal to federal—is quite serious. Governments exist to serve tax-paying citizens; therefore, they need to know things about those citizens to provide services. Unfortunately, bad actors are looking for ways to make a quick buck by exploiting the public sector’s outreach to its citizens. This makes for a dangerous combination.
Add in a pandemic and you have an even more serious problem. Citizen’s needs increased as the pandemic shut down parts of the world, affecting employment, housing, healthcare, and other areas and associated benefit programs.
Increasingly, governments are becoming more proactive, moving away from the old, “pay-and-chase” model, where benefits are paid out in advance and then investigations are launched when fraud is obvious or too late. Some areas of opportunity for government fraud that require attention are:
- Channels of communication. How do you communicate as a public sector organization with private sector individuals and other public sector entities? Phone? Mobile? Internet? Fax machines? Is there a brick-and-mortar element? Unfortunately for many organizations, it’s all the above. Fraudsters love mobile phones right now because they are finding new and different ways around authentication.
- Internal threats. When we think about fraud, we typically think about outsiders working to break in. Don’t forget that employees or third-party vendors could be involved, voluntarily or not.
- “Multi-modal” fraud. One area where fraud is on the rise is referred to as “multi-modal” or “multi-channel.” This refers to identity takeover by a bad actor of a citizen who may qualify for certain types of benefits and proceeds to apply for those benefits under that person’s name.
- Common IT mistakes. This is just a fact: Most IT organizations are over extended. The responsibility of configuring cloud accounts, user access controls, user IDs and passwords, and watching the login attempts, can be overwhelming and mistakes are going to happen.
Guarding against government fraud
There are multiple ways to protect your organization and guard the citizens you serve, including:
Strengthening and protecting passwords is one of the easiest ways to address one of the biggest contributors to security breaches. This includes implementing multi-factor authentication.
Identity and role management beyond password protection is crucial. To ensure a person is who they say they are to avoid account takeovers, you can use behavioral analytics, such as the typical time of day they log in, the physical location of the login attempt, the device being used, even the operating system—anything that can help confirm a pattern of behavior. In addition, it’s important to ensure employees have access only to the systems and data where there is a need to know.
Having a good backup strategy is another part of security that is often overlooked. Most organizations do backups, but are they done often enough? Are they kept in a secure location, like the cloud?
Educating employees on safeguarding not only their passwords, but their physical spaces as well is imperative. Breaches aren’t typically malicious or intentional; employees simply unaware that their actions are putting the organization at risk. Once a bad actor has breached an employee’s workstation—which is the easiest way—they have access to your entire network.
Keeping software and hardware up to date is often ignored. By ensuring every device and application or tool is on the latest version means you have the best protection against fraud possible for that particular tool, device or application. During application development, consider including a check for the latest update. If an update available, prompt the user to implement it before authenticating and proceeding further.
Collaboration is critical
Even the smallest government organization is big enough that departments and information become compartmentalized. Everyone is busy and they don’t think they have the spare time to share what they’re seeing and dealing with. But finding the time to set up a regular, recurring routine where department heads share threat intelligence would be well worth the effort. If a bad actor gets to one person or department, they are going to get to other people and areas of the organization.
Let’s say your IT department shares with all the department heads know that they are seeing an unusually high level of login failures. Is it more likely that all your employees and citizens suddenly forgot their passwords or that a fraud organization has implemented a password spraying attack, leveraging passwords they have found on the open web and the dark web to see if they can guess their way into credentials? Having repeatable operating routines where each department is held accountable to one or two metrics brings these patterns to light, where they can be addressed before they become larger problems.
Collaboration makes it easier to propose, recommend, and get buy in on technology investments because everyone is working together to address a shared threat. With everyone on the same page and group confidence in a tool, you can then work together to design processes around the tool to ensure everyone is utilizing it to its fullest. It also allows for fine-tuning it and the processes used to focus on the biggest threats for the maximum benefit.
Getting a handle on and addressing all the security threats out there can be an arduous task. Most organizations’ IT teams are stretched thin as it is, and with budget challenges, it can limit your ability to put technology to work. The fact is, in a 2021 Thomson Reuters survey, government leaders said the biggest challenges around fraud protection were associated with constraints in budget and resources.
Now for some good news. Companies like Microsoft have put more focus on fraud protection. Originally developed for internal use (as a top 10 e-commerce company, fraud is a challenge for them, too), the Microsoft Dynamics 365 Fraud Protection is a cost-effective solution that operates in the Cloud and integrates quickly and easily with existing government systems, allowing them to quickly strengthen fraud protection without impacting their operations. It revolves around adaptive AI technology, which means it is constantly acquiring information about evolving fraud patterns.
Learn more about fighting government fraud with HSO and Microsoft
Microsoft and HSO have joined forces to educate governments on fraud and how to address it.
Watch this on-demand webinar:
Citizen Data Protection – How Your Government Can Ensure Comprehensive Cybersecurity with Microsoft Dynamics 365 Fraud Protection
You’ll hear about common challenges, use cases, and solutions from industry experts: Sondra Feinberg, Global Partners and Alliances Fraud Protection at Microsoft; Betsy Appleby, VP and Global Industry Director of Public Sector at HSO; and Theresa Payton, CEO of Fortalice Solutions and former White House CIO .