Podcast transcript

Grace (Ravelin): Hello and welcome to Ravelin’s podcast! Today I have the pleasure of speaking with Toni Sless, a fraud risk management consultant and founder of the Fraud Women’s Network. Toni is a powerful advocate of professional women supporting each other, and I am very excited to have her on this podcast. Today we will be discussing her fantastic organisation and her fraud insights for 2021. Hello Toni! Thank you for coming on our podcast today!

Toni: Hello Grace, thank you very much for having me, both yourself and Ravelin, this is a great opportunity! Thank you.

Ravelin: Well we are very excited to have you so thank you for giving us your time. So just to get started could you tell us a little bit more about yourself?

Toni: Yes of course, happy to Grace. I’m a Fraud Risk Management Consultant who provides strategic and advisory services to FTSE 100 organisations relating to all aspects of fraud risk management. I’m also very proudly the founder and Chairwoman of the Fraud Women’s Network, which was established in 2007. It’s success though, I have to add, has only been made possible thanks to our patrons, the board and steering committee of the Fraud Women’s Network both past and present, and of course our Members!

I also mentor many women in various disciplines including cyber security and other facets of security. I work with my local community promoting local interests, improving housing conditions, amenities, security and the environment. And I’m very proud to sit on the Board of Trustees of the African Community School which is a local community initiative which does some fabulous work in the area. And I also sit on the Editorial Board of the Cabinet Office’s Public Sector Counter Fraud Journal, and am also a SCAMbassador for National Trading Standards ecrime team promoting safety and awareness about scams

Ravelin: Well you are an extremely busy person!

Toni: Thank you yes, it keeps me busy and occupied, especially at the moment. And I really love all the work that I do as well.

Ravelin: So how did you get started in fraud prevention, and go on to have such a fantastic career?

Toni: Wow yes, well it started a long time ago. Originally I started working in the music industry - who knew? But unfortunately given the time and the climate as it was then, it didn’t last as long as I wanted it to. And sadly ended up being out of work for some time. And to make sure I got back into work, I was strongly recommended that I should do some course, and decided randomly to do a legal secretarial course. Which actually ended up putting me in good stead in the long run. I ended up getting a couple of good jobs straight off the bat of finishing the course, and then became an executive assistant and started working for General Electric (GE). Which was a long long time ago.

Back then, a very lovely chap by the name of Ron Warmington started working at the company (GE) and he needed someone to support him on various projects. Bare in mind back then I was still an executive assistant. I wasn’t assigned to him originally and then I was, but I couldn't manage both workloads for him and for the lawyers I was working for at the time. He wanted to support me though, and in fact turned out to be more supportive than the ladies that I was working for at the time, and he took me under his wing, and I ended up working for him - and he was head of fraud risk and prevention at GE, for Europe, and laterally I believe globally. He took me under his wing, promoted me and I started working as his fraud analyst. I learnt what I did very quickly thanks to him, and that started my career 20 odd years ago.

Ravelin: The reason I asked is that you’ve said in our previous conversations that people often ‘fall into’ working in the fraud industry and then find that they absolutely love it - what is it that you love so much about your job that’s given you such a long career?

Toni: I think it’s the problem-solving around things. Particularly around fraud because it’s interesting, the landscape is forever changing, the MO may not change, but the enablers to the fraud does and you’re trying to stay one step ahead of the fraudsters, so you’re constantly busy, constantly thinking about what it is, the dynamics and how that’s impacting consumers, businesses and employees as well. And you’re trying to understand how they’re targeting consumers and a business. And for every new product that is launched, and indeed for every change in a product, the fraudsters are going to try and break it and try to gain a pecuniary money advantage, so we have to think how we can stop them from doing this. So it just becomes a dynamic, ever-evolving situation which I think is really really interesting.

Interestingly though, it’s the same for the people on the other side, the fraudsters, after all, they’re always trying to stay a step ahead of us as well. Like us, they’re running a business with their own teams. So, it’s trying to maintain that dynamic. And because of that constantly evolving environment, it just makes it very exciting and very interesting. And likewise, we are always learning as technology continues to develop too, so it keeps us involved.

Ravelin: So going back to the Fraud Women’s Network- I’d love to know how it started and why it started - what were you looking for when you founded the network?

"We agreed that our objectives would be to support, nurture and champion women in the fraud prevention arena"

Toni: I think let’s take a step back just a little bit. When I first started out, and I know I keep saying that but it is very important, I was advised that my contacts are extremely important, they are important generally, but particularly important in the area of fraud prevention and all manner of security, as you’ll never know when you need them for advice, sharing best practice, investigations and the like. And when I first started out I was introduced to people in the industry, but actually all of them were men. And it really surprised me, I was like ‘surely there must be women that work in this field as well?’ So as I started to gain more confidence and meet other people on my own, I actually started meeting a few women, but interestingly none of them knew each other, which surprised me because the guys did. And it seemed, back then, a bit like an 'old boys club,' sorry guys, but it did! I therefore thought it would be a good idea for us women to meet on a regular basis, like the guys did, so we set about meeting over dinner and a glass of wine, and from that we saw the benefit of formalising what was then a little network of a group of 2 or 3 of us, and then became 8 of us, formalising this little network to a wider female audience as we learned so much from each other. So therein began the start of the Fraud Women’s Network. We set about developing a business plan, what our objectives and aims were going to be, the types of people we wanted to involve - not just women but men as well. We launched in 2007 to an audience of over 200 people, and back then, it was the first female network of its kind in the industry, and we were just so proud of getting all of those people together.

"It seemed, back then, a bit like an 'old boys club,' sorry guys, but it did!"

We agreed that our objectives would be to support, nurture and champion women in the fraud prevention arena; offer events on industry related subjects and provide opportunities for women to network together, provide advice on career progression. We offer mentoring, still do, and of course provide friendship, advice and support.

That said though, when we founded the network, we didn’t have a clear set five year plan or indeed thought we’d still be going today and that there would be a need for the network some 14 years later. But, given the consistent return of members and of course new members joining all the time, there clearly is still such a need for such a network.

Ravelin: And that’s amazing, I love hearing about the work you’ve done with the Fraud Women’s Network, and that you say it is an inclusive space, it’s not exclusive, and you gladly welcome men to join - it’s such an encouraging space. And like you said, it’s still here and thriving 14 years later. So what do you think still needs to be done as a woman in the workplace and in the fraud prevention arena? And why is it that we still need the Fraud Women’s Network?

Toni: Women still face gender issues in the workplace. And I think it’s fair to say that it’s not just in the security industry, I think it's a given that it's across all industries, irrespective of what they are. But there is still great work being done now, to improve diversity and inclusion, and I really applaud the businesses that are doing that. It’s been a long time coming, it’s a shame that we still have to do it, but the industry is embracing that, and doing more towards it. And as I said, I didn’t think that 14 years on there would still be a need for a network for women in this industry, but there is.

"I didn’t think that 14 years on there would still be a need for a network for women in this industry, but there is."

I think there are some barriers though, for women, certainly in our area, and for security in general, but for fraud risk, there is no clear defined career path that you can go down, for those wishing to get involved in this arena, there certainly wasn’t for me. Unless you’re willing to take a masters in security or a similar qualification, or if you’re fortunate enough (you’ve still got to study) but you have an accounting/auditing, coding, analytical or risk management background, so you are reliant on people supporting you, giving you that “leg up” so to speak and seeing the benefit of your skills or being in the right place at the right time.

I know some organisations are great at recruiting women and have seen equal measure in teams of men and women, but not at more senior levels. And I think that’s where we are seeing a problem. Not least because I think people don’t move as frequently within our industry, once they’ve got to that level they don’t necessarily step down or aside for someone else, male or female, to step into their shoes. I think it’s also fair to say though, to go back to that point, that there are few women that sit at board level or other senior levels. For example if we’re sitting in a meeting, particularly a senior meeting, you’ll probably see for example 10 men round the table, maybe one or two women. Not all the time, but it’s fairly consistent, sadly. Several of my peers have succeeded, which is fabulous- I look at some of the people on our board on our steering committee and equally our patrons, who have succeeded, but they’ve had to push really hard to get to where they are. Can the same be said for men? I don’t know. I’m sure that’s a contentious question, but I do sometimes wonder.

"Sitting in a senior meeting, you’ll probably see 10 men round the table, maybe one or two women..."

But, I really want to add here, let’s not be negative, I don’t want to be negative, I’m just highlighting the differences. Since I started out in this field there has been some progress which is a huge positive. There’s been some significant progress. And there are more women in our industry and certainly more overall now in security as a whole, so I think progress has been made since I started some 20-odd years ago. Let’s keep that going. And also, I have had massive support and encouragement from many men, and of course women, for which I am extremely grateful. And equally to those men who have also been strong advocates of the Fraud Women’s Network and see great merit in it. So thank you. As you say they are welcome to attend some of our meetings - not all of them because they are specifically related to women and building up their confidence in a safe environment - but you know they are welcome. If I started naming people I would fear of missing someone off, but I think those men that I know, know how very pleased and encouraged by the support they’ve given, not only the fraud women’s network, but me personally, so thank you guys.

Ravelin: Yes, that’s really lovely. And you’re right, there’s definitely been progress made. I’ve (Grace) only recently started in my career, and everyone, men and women, have been so supportive and progressive in their outlook. But unfortunately it still is there, that barrier we need to break down, and it’s great that you are doing this work.

"Progress has been made since I started some 20-odd years ago - let’s keep that going."

Toni: Thank you. I think one of the things is, no one actually knows what the answer is. I’ve worked in organisations where there’s been some clear talent, particularly of people that are junior, but because of the barriers within the company as to how they promote, and/or they don’t have the head count, or they don’t have the role so they have to write one specially. And I get it, there are business constraints, but sometimes if an organization and/or a manager sees the merit in someone, maybe we need to be a little bit more inventive as to how we can actually push those people forward and support them. And not even inventive, but actually just what can we do to nurture that talent.

Ravelin: Absolutely. So moving on, we are in the first weeks of 2021 and it's been a turbulent start to the year already. England has just entered another national lockdown. Covid-19 is still a massive crisis, and unfortunately, as one of the side effects, it’s created opportunities for fraudsters or rather, fraudsters have used the crisis to their advantage. I’ve heard, and I’m sure you have as well, about multiple vaccine-related scams, like emails mimicking the NHS. So I think it's important we talk about the impact of these extraordinary times on the fraud world. So in relation to all of this overwhelming context, what do you see as the biggest fraud risks to businesses out there at the moment and going forward?

Toni: Sadly there are a lot of fraud risks out there. However, businesses are jumping up and managing them. I think there’s going to be a higher risk of internal fraud due to people working from home. Now let’s be fair, not everybody is going to commit internal fraud or employee fraud, but I think, businesses have had to mobilise work forces with pace, rapid pace, they may not have had their business continuity plans up to spec to manage such migration and plan against potential risks.

"I think there’s going to be a higher risk of internal fraud due to people working from home."

Employees have access to data that may not be as secure as it would have been in an office environment, for example, people can take photographs using mobile devices of customer/employee data, business data, perhaps controls won’t be as tight, or weren’t as tight but now have become tighter, as they would have been in an office environment. A lot of people are at risk of losing their job, have been furloughed or may have lost their job, therefore employees may feel aggrieved and rationalise the opportunities available to them to take advantage of reduced security protocols or changes to security protocols. So I think that is one of the small risks, but I think it is a risk. We may not see it now, but we may see it further down.

Remote working may also mean it’s more difficult to quickly fix problems that threaten internal security. I could wax lyrical for ages but I won’t because I know we’ve got limited time. More broadly, there’s threats to customers as we’ve already talked about- phishing, what’s also known as whaling fraud or CEO fraud, scams, text messages, account takeover, impersonation fraud, as you mentioned earlier on.

More vulnerable people or people that are not as tech-savvy are being forced online, because it’s the only way they can get supplies or access to friends and family and stuff. They may not have the right security on their devices to better protect against phishing, online fraud, etc. They may not be aware of how to spot fake websites, or indeed could be tricked into giving away personal data or banking data. I’m going to mention a couple of useful campaigns. One of them is lead by UK Finance and it’s the Take Five campaign, it offers straightforward and impartial advice to help everyone protect themselves from preventable financial fraud. Definitely worth looking at. And similarly Friends Against Scams offers good advice too about how to spot scams and equally how to support victims. I urge people if they’re concerned if they don’t know what they are looking at to take five and equally to have a look at the friends against scams sites, because it gives them really good sound advice.

"More vulnerable people or people that are not as tech-savvy are being forced online..."

Ravelin: It’s so easily done isn’t it. Anyone, even working in the fraud industry, can very easily too quickly click on a link and let a fraudster in. It’s so easily done, so that’s really good advice. From your response it sounds like employees themselves are a fraud risk to businesses and online security, which makes it a difficult problem to solve. Do you think it's fair to say that employees and the humans behind the screen are the weakest link? And if so then how do you tackle this problem?

Toni: I think humans predominantly can be the weakest link when it comes to security, because no matter how good the individual is, if they click on a link that they think is genuine, because it’s spoofed and it looks like it may have come from someone but actually it’s not, then that could let in a whole heap of trouble for an organisation. But, I think you know, if policies, procedures and processes aren’t robust, tested and reviewed on a regular basis, and training and awareness rolled out regularly, then can you actually blame the humans? You need to have the right tone from the top as well, again it’s that continuous training and awareness about fraud risks to the business, personnel and customers, and continued enforcement of both internal and external fraud policies. And of course, you can’t forget having a decent incident response plan. Irrespective of the incident, whether it be of human failure, failure in technology or an external attack, you’ve got to make sure you have the right incident response plan in place.

Ravelin: So what advice would you give to women working in fraud or just starting out in the industry? A nice way of imagining it is if you could go back in time and speak to yourself at the beginning of your career and give yourself some advice, what would you say?

"Network - learn from industry peers...share best practice and knowledge."

Toni: I think one of the most important things that happened to me was having a mentor, and that was the guy I mentioned earlier, Ron, who very kindly took me under his wing. So I think, get a mentor - male or female - and also a business sponsor. So a mentor could be someone inside the business or outside, sometimes I think it’s useful to have someone outside the business, because things will be more objective and impartial. But definitely get a business sponsor, somebody within the business that will guide you, offer advice and have your back when going for promotions and other career progression. And they will believe in you, and I think it’s really important to nurture those relationships.

And also - network. Learn from industry peers and of course seniors, understand what’s going on in the industry, for example the threats they’re facing, share best practice and knowledge. And dare I say (I appreciate it’s promoting the Fraud Women’s Network), but join! You’ll get to meet great women who understand and will support and guide you, and also of course the guys when they are there as well. And you’ll continue to learn about fraud that way you’ll continue to evolve.

Ravelin: Well thank you so much for that advice and for your time today. I’ve really loved speaking with you.

Toni: You’re welcome Grace, thank you ever so much for the time and opportunity, and it really is a pleasure to meet you.

Ravelin: Absolutely, such a pleasure. And to those of you who are listening, if you want to learn more about anything we have discussed today, you will find more information on our website.