
Protecting SACCOs from fraudsters – Securing SACCOs In Kenya.

Fraud has been defined by International Standards on Auditing (ISA) as an intentional act by one or more individuals involving the use of deception to obtain an unjust or illegal advantage. In the context of this subject, I’ll define fraud as wrongful or criminal deception intended to result in financial gain. In this article I’ll highlight some of the measures you can practice when protecting SACCOs from fraudsters and hackers.

Financial institutions such as SACCOs have become some of the entities most heavily targeted by hackers and fraudsters, for the obvious reasons: the money and the data. These attacks are normally orchestrated by very smart individuals who take advantage of loopholes in financial systems and in the people who use them.

In this article, I’ll try to explain some of the measures that a SACCO can put in place to protect itself from hackers and fraudsters.

1. Training SACCO staff on system security.

Numerous studies have found human beings to be the weakest link in management systems. As a financial institution, a SACCO must emphasize to its staff the importance of data privacy and security.

It is advisable to employ the services of a cyber security expert to train and teach employees on various measures to put in place in order to protect themselves from fraudsters who could take advantage of them to gain access to their systems.

Employees should never write their login credentials on notebooks or papers. Also, it is always advisable to log out of computer systems when not in use.

The SACCO should emphasize to her employees the importance of not using their personal storage devices on company computers. As a matter of fact, all USB ports should be disabled to discourage users from transferring data between PCs using removable storage devices.

Employees should also watch out for phishing attacks.

2. Sensitizing members on the importance of privacy.

A SACCO should also sensitize her members on the importance of privacy. Members should also be reminded not to share personal information such as passwords, usernames, ID numbers and dates of birth with strangers.

People who disguise themselves as SACCO employees or officials could easily trick members into giving out such information. This information could later be used inappropriately to defraud the SACCO.

3. Remind members of the SACCO’s official and available communication channels.

Reminding members of the provided communication channels is a must. A SACCO should take advantage of the AGM to pass on this kind of information. It should also send SMS notifications to her members (using the SACCO’s registered USSD service) to remind them of this. This way, members will start taking note of the contacts and could easily help the SACCO fight fraudsters.

4. Investing in a good SACCO Management System.

A good SACCO Management system should be secure. System security is critical. When purchasing a SACCO Management System, a SACCO should make sure that the system protects the data. A good system should enforce a password rotation mechanism. Passwords should expire after a given period of time and users must be forced to create new passwords.

Passwords should also be long enough (8+ characters) and must include numbers, special characters, and capital and small letters. The system should also encrypt the stored data. System security is a wide topic that I can’t exhaust here; I’ve only scratched the surface.

5. Block/Disable accounts for ex-employees.

When staff members leave the company, the SACCO must revoke their access rights to the various systems it uses.

You should not leave their accounts floating unused on your systems. This goes back to investing in a good system. At the very least, the system should have a mechanism to revoke these rights.
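The checks described in sections 4 and 5 can be run as a periodic account audit. The script below is an added example, not part of the original article or of any particular SACCO Management System; the CSV column names, the 90-day rotation period and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export of user accounts (not from any real system).
ACCOUNTS_CSV = """username,staff_id,enabled,password_changed
jmwangi,S001,yes,2024-05-02
aotieno,S002,yes,2023-11-20
pkamau,S003,yes,2024-04-15
cnjeri,S004,no,2023-08-01
"""

# Constructed HR list of staff who have left, with their exit dates.
LEAVERS_CSV = """staff_id,exit_date
S003,2024-04-30
S004,2023-09-15
"""

MAX_PASSWORD_AGE_DAYS = 90  # assumed rotation period; the article does not fix one


def audit_accounts(accounts_csv, leavers_csv, today):
    """Return (username, issue) pairs for accounts that break the policy."""
    leavers = {r["staff_id"]: date.fromisoformat(r["exit_date"])
               for r in csv.DictReader(io.StringIO(leavers_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        if row["enabled"].strip().lower() != "yes":
            continue  # already disabled, nothing to revoke or rotate
        exit_date = leavers.get(row["staff_id"])
        if exit_date is not None and exit_date <= today:
            # Section 5: the owner has left but the account can still log in.
            findings.append((row["username"], "ex-employee account still enabled"))
            continue
        # Section 4: the password has outlived the rotation period.
        age = (today - date.fromisoformat(row["password_changed"])).days
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append((row["username"], f"password is {age} days old"))
    return findings


if __name__ == "__main__":
    for user, issue in audit_accounts(ACCOUNTS_CSV, LEAVERS_CSV, date(2024, 6, 1)):
        print(f"{user}: {issue}")
```

Run against real exports, the same comparison gives the ICT department a list of accounts to disable and passwords to force-expire.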

6. Install updated antivirus software and scan computer systems regularly.

We all remember the WannaCry cryptoworm. If you know nothing about it, then read about its details here. You can’t talk of protecting SACCOs from fraudsters without mentioning antivirus software. This should be done by the ICT department. All computer systems used by the SACCO should have updated antivirus software. This makes sure that a SACCO is safe from the latest viruses and threats.

7. Audit SACCO’s financial books.

A SACCO should perform annual auditing of her financial books. Financial auditing ensures that accounts are accurate and finances are being distributed in the fairest or most efficient manner.

8. Audit management systems used by the SACCO.

Apart from carrying out financial audits, SACCOs should also audit their management systems. This process evaluates and improves the effectiveness of the systems. Audits are carried out in order to verify that the individual modules within the system are effective and suitable for achieving the laid-out goals.

These are some of the measures you should practice when protecting SACCOs from fraudsters. Feel free to add more in the comments section.

PS: If your SACCO is not using Firbo360, you’re missing out on a lot. Let us digitize and expand your SACCO. Get in touch here.