All businesses are susceptible to fraud, though small and mid-sized businesses are the most common victims. These companies are targeted as they often have few preventative policies in place. Though it’s impossible to be fully protected, there are proactive steps that you can take to minimize exposure to fraud risks.
Types of fraud: Fraud comes in many forms from both inside and outside a business.
- Internal Fraud: Employee theft is a common source of fraud (lost inventory, unethical accounting, theft of financial assets, fake expenses, overinflated commissions).
- External Fraud: Customer fraud (counterfeit bills, bad cheques, stolen credit cards, fraudulent requests for refunds/returns), third-party contractor fraud (overbilling, fee schemes, failure to deliver) and computer fraud (hacking, information theft, data mining) are the most common types of external fraud.
Ways to reduce fraud: There are many policies and practices that can help to reduce the possibility of fraud in your business.
- Create a fraud policy that covers topics such as what actions constitute fraud, how to report suspected fraud, who is responsible for investigating fraud, and confidentiality. Clearly outline your expectations related to employee conduct and the consequences for violating these policies.
- Provide education for all employees (security awareness, fraud policy understanding). Make sure they are aware of the need to create secure passwords, that they change passwords often and to keep passwords safe. Inform them of the importance of phishing awareness and remind staff about the dangers of clicking on unexpected links and attachments.
- Limit file access: Give employees access to only those files that are necessary to do their job. Require more than one person to complete key tasks (approving payments, writing cheques, managing petty cash, processing client receivables, approving overtime claims, recording in the accounting system).
- Protect bank accounts and credit cards: Create separate bank and credit card accounts for your personal life and business. Check security systems your bank uses for online banking to be sure automatic logout is available. Ensure that your credit card provider has suitable fraud protections in place, such as automatic alerts if an employee spends over a certain amount. Limit how and with whom you share confidential banking information.
- Keep detailed and accurate records: Accurate, detailed record-keeping (accounting records, inventory controls) helps shield your business from fraudulent activities.
- Go paperless: Going digital reduces access to information, enables fraud preventive accounting controls, permits authorization limitations and creates an easy to trace audit trail.
- Fine-tune payroll procedures: Ensure that payroll processes require HR and your payroll company to confirm deposit accounts with employees. Pay using direct deposit or open a separate business account to minimize circulation of your company’s bank account information. Use regular audits to keep check for falsified hours, inflated commissions, and other irregularities.
- Use secure payment methods: Switch to direct deposit or fund transfers. Encrypt payment transactions and partner with a secure payment processor. Consider a cheque imaging solution (scanning or picture taking) making it possible for you to deposit money automatically.
- Audit high-risk areas often: A daily check of accounts and statements is a great way to protect against fraud or accounting errors. Routinely audit areas of your business that deal in cash, refunds, product returns, inventory management and accounting functions.
- Establish a thorough hiring process: Check each new hire’s references and previous employers. Do a criminal check, especially for those employees who handle cash, manage payments and have access to bank account information. Use a reputable service that specializes in pre-employment screening.
- Keep your point-of-sale secure: Make sure all your POS devices are digitally secure. Install passwords and change them regularly. Choose systems that come with end-to-end encryption. Don’t connect your POS to external networks. At the end of each day, account for every POS device and secure devices in a location that only select employees can access.
- Know who you’re dealing with: Record basic information about the businesses/clients you deal with (address, name, two phone numbers, references). Check who the owners are and how long they have been in business. Search the company’s name online with the term “scam” or “complaint.” Before engaging with suppliers, ask for recommendations from other business owners in your community.
- Invest in insurance to help with the recovery of some or all of your losses in the event of fraud. Consult with an insurance specialist for help evaluating possible risks and determining what kind of insurance will best suit your business.
- Get expert advice: You don’t have to figure it all out by yourself! Talk to a small business advisor and/or a commercial banking consultant about products and services to help prevent fraud.
- Enable whistleblowing: Create a system that enables employees to anonymously report tips essential to dealing with fraud.
- Update all devices to the latest security software, web browsers, and operating systems. Use antivirus software, anti-malware and firewalls.
- Create a mobile device action plan to encrypt data. Make sure each employee has a separate user account, so you can trace activity if there’s a problem.
- Back up critical business data and store the information in the cloud.
- Secure Wi-Fi networks with Service Set Identifier (SSID) and password protection.
It’s easy to put off fraud prevention until an issue arises. Be proactive! By taking a few simple steps to put a fraud prevention plan into action, you’ll protect your business, establish a culture of zero-tolerance for fraud and help mitigate unforeseen threats in the future.