Conducting internal training in the form of sessions, presentations, workshops, and kick-off meetings is seen as one of the most effective methods to increase the effectiveness of a fraud strategy. Conducting training accomplishes two key tasks: first, it provides tangible data and information to the staff on the problem and where the current and potential vulnerabilities are; second, it creates a personal connection between those in the actual training session. This connection is highly overlooked yet is an extremely important aspect of a successful fraud program, as communication across departments, units, and disciplines is critical for highly focused strategies. In one carrier I routinely perform training for, there was a rolling joke pertaining to how its fraud referral rate increased significantly after I performed a training session. I recall one specific training session that involved both the fraud and front line claims unit; the topic of the session was focused on performing a successful interview as part of an investigative tool. The session ended on a Monday, and there was a remarkable spike in fraud referrals starting the very next day! Again, the training was successful because it increased the awareness of the fraud problem and served as a reminder to the internal staff that fraud should be a priority.
While working in the Nordics, I recall a very interesting conversation I had with a corporate security executive for a large financial services company. His organization became the victim of cybercrime. A malicious virus was inserted in its internal computer systems, which cleaned out about one-third of its files before the organization could counter it. After this incredibly costly and damaging situation, he embarked on an extensive internal penetration test to assess the status of his internal security. He sent out two hundred fake malicious test e-mails and physically mailed fifty USB sticks to several offices in unmarked envelopes. About 35 percent of the employees either clicked on the malicious e-mail or inserted the USB stick into their computers, a very alarming percentage. Considering it takes on average 164 days to detect ransomware, it is critical that the internal staff is well trained and well educated as to the damaging effects of this crime.
Almost all the carriers and companies that I have worked with through my career have remarked that offering training is an extremely worthy investment of time and resources. Training serves to formally educate but also simply create an awareness of the fraud problem. The resistance to perform training often comes in the form of the lack of ability to quantify its worthiness. However, I would argue that all other factors being equal, companies should monitor their fraud rates, and I would guarantee that they will see an increase in fraud referrals following any form of training session.
Stay safe!
Dr. Fraud