Charities are at risk of internal fraud and cyber crime because they put too much trust in individuals and do not have adequate controls in place, the Charity Commission has warned.
The regulator spoke out today after the National Fraud Intelligence Bureau released a national alert highlighting the threat posed by people working inside organisations.
According to the NFIB, a police unit that tackles fraud and cyber crime, more than 50 per cent of organisations have suffered insider attacks in the past year and 90 per cent of businesses feel vulnerable to internal cyber attacks.
It said insider fraud posed a greater threat than external fraud because staff have access to sensitive data and are familiar with an organisation's inner workings, which makes it easier for them to access systems and steal data – often undetected.
"Charities are as vulnerable to insider threats as the private or public sector," the commission said in a statement.
The regulator added that its research had identified three factors making insider fraud more likely: poor challenge and oversight, weak or badly applied internal controls and putting too much trust and responsibility in one person.
The commission urged charities to read its guidance, Protect Your Charity From Fraud, which it published two years ago and updated in March this year.
It also advised charities to restrict access to sensitive electronic files to relevant staff only and consider encrypting it.
Charities should also monitor employees for abuse of IT systems, according to the commission. "Minor misdemeanours have the potential to escalate to serious frauds if they go undetected," it said.
Organisations should also adopt fraud policies. "Make it clear that any criminal breaches of your policies will be reported to the police and other relevant authorities," the commission said.
Charities that experience insider fraud should contact Action Fraud on 0300 123 2040 and report it to the commission as a serious incident.