Fraud is a serious risk for small businesses. Businesses receive less protection under law than individuals when it comes to bank fraud and the risk of cyber-fraud is ever increasing. But the risks to businesses don’t just come from outside the company; they may lurk within the company too. Employees all too often commit fraud and without the appropriate risk prevention measures in place; they may do serious harm to the business before they are caught.
With that in mind here’s how to protect your business from fraud:
Preventing Employee Fraud
Small businesses are trusting environments. They have to be. There aren’t enough people in place for you to run a strict monitoring regime and that means you need to take sensible precautions that don’t become unduly burdensome on day-to-day operations to prevent fraud.
It’s worth noting that fraud from employees can come in a number of guises; they might fiddle their expenses, steal products or money from the company, embezzle money from the company bank account or abuse the petty cash float.
Here’s how to help prevent employee fraud in your business:
- Have an approval process. You want to make sure that while an employee can set up a payment if their duties require it – they aren’t also the person to authorize that payment when it comes time to pay up. Having an approval process means that at least outgoing payments are scrutinized before they are made and any unusual transactions can be queried while the money is still in your bank accounts. You might also want to have a second check for larger amounts to prevent collusion between employees.
- Always run background checks. If an employee is going to be handling cash or payments or is going to need access of any kind to your bank accounts – then you must run a background check on that employee. Whilst a criminal record for any kind of theft or fraud should automatically disqualify them from the role; you also want to look at their credit records. Someone who has serious debt is more likely to be tempted to steal than someone who keeps their finances in good order.
- Computerize your inventory system. Weak stock control systems make it very easy for employees to steal products or supplies. If you automate your inventory system; it’s easy to run reports for unusual activities and to carry out spot checks when something suspicious turns up in the records.
- Independent audits are a good idea. A third-party audit can help spot activity which has become normalized in your business but is in fact suspicious. Auditors can also help identify opportunities for better business practices and help resolve minor, non-fraudulent, issues too.
Preventing External Fraud
Cyber-crime in 2015, according to McAfee the anti-virus experts, cost global businesses more than $400 billion. According to “We Live Security” cybercrime has grown by 200% in the last 5 years and there’s plenty of opportunity for further growth.
If you want to minimize the chances of your business becoming victim to these sophisticated international crime syndicates; you have to take specific action to ensure that your details and accounts don’t fall into the hands of those with malicious intent.
Here’s how to protect your business from external fraud:
- Keep up-to-date. Hardware and software manufacturers are constantly battling cyber-criminals but they can’t help you if you don’t help yourself. You need to install security patches for systems as soon as they are released. When a piece of software or hardware no longer receives support for security; it should be replaced with a later version which does get such support. You should always use the latest versions of anti-virus and firewall software and you should always update their libraries when prompted to do so. If you’re working in the cloud; make sure you understand your vendor’s approach to security too and that they’re staying on the cutting edge where security is concerned.
- Use a two-step login process for critical systems and a bank account. A two-step login process involves logging in to a system and then being sent an SMS or e-mail with a separate authentication code. If you can’t enter the code – you can’t access the system. It’s a surprisingly simple way of keeping criminals out of your systems though you do need to make sure you don’t use the same password for your e-mail and other systems to get the best benefit from this.
- Use device ID when possible and switch geo-fencing on when it’s available. Blocking devices that aren’t recognized by your financial and payment systems can be a very simple way of keeping outsiders from your financial data and bank accounts. Similarly, if you run a small business in Nebraska – it’s unlikely that your employees are going to need to login from the Ukraine or Thailand. Geo-fencing enables you to restrict access to places where it’s needed and block everywhere else.
- Train employees about basic security protocols. Your employees are vulnerable to accidentally handing out your data or letting hackers into your network. Train them to understand what phishing e-mails are and how to report an e-mail if they’re unsure of the source of an e-mail. Develop a cyber-security policy and implement it. Make sure that your employees aren’t downloading unknown software on company machines or bringing in infected external storage systems (such as pen drives and hard drives) and plugging them into the network either.
While fraud may be on the rise; there’s no reason that most small businesses can’t take precautions which dramatically reduce the chances of fraud from both employees and from external agencies. The more aware of fraud that you are – the easier it is to prevent.
This doesn’t mean you start treating people like they’re all potential criminals but rather implement a system of sensible checks and balances, like the one above, to reduce risks to manageable levels. You can prevent your business from becoming an ugly statistic without turning it into a police state.