How to Protect Your Business from Fraud
The 2018 Report from the Association of Certified Fraud Examiners found that, from 2002-2018, small businesses had a fraud frequency around 28%, which was higher than that of larger organizations at 22-26%. This is often because small businesses are not as equipped to deal with fraud or to detect it as quickly as larger ones. The impact of hundreds of thousands of dollars worth of fraudulent behavior is inflated in companies with less than 100 employees, where that kind of loss could wipe out a year’s worth of revenue. Although it’s never possible to ensure that your business will be totally free from fraud, there are steps you can take here and there to greatly reduce the risk.
- Protect your banking. By protecting your accounts and who has access to them, you can substantially decrease the risk of fraud. First, make sure you have separate personal and business-related bank accounts, and switch to online billing so that physical papers can’t get into the wrong hands—never stay logged in to online banking sites, either. When you do have to take care of finances on paper, drop off your mail directly at a post office to make sure it stays protected. If possible, dedicate one computer exclusively to banking and only authorize a handful of people to use it. Consider separating financial duties so that payments must be initiated, approved and reconciled by separate people. Hire both an internal and external auditor to ensure you’re keeping clear and organized records of all financial activities so you can regularly monitor accounts for suspicious transactions.
- Keep your business separate from you. Just as you should have a separate bank account for business and personal finances, make sure to keep your personal identity separate from your business. If you opened your small business using your social security number, consider switching to an Employer Identification Number so that both you and your business are better protected against identity theft. You can check your eligibility and apply easily for an EIN on the IRS’s website.
- Safeguard computers. Strong firewall, antivirus, malware and spyware protection software is an essential investment to protect all company devices against outside fraud. Requiring employees to change their passwords every 60-90 days is also a good way to protect your business. Set up secure password requirements, such as a minimum character length and special symbols and/or numbers. If employees use different company sites throughout the day, require different login information across those, too. At least once a month, back up important files to be stored offsite in case of a crash or breach.
- Run background checks. It can be pricy to run background checks on multiple job candidates, but it’s worth the security of your business. As an employer, you must obtain consent from each candidate before you can run a background check on them. Since these checks typically cost $30-$50 per person, it can be worth waiting until you have narrowed down your finalists to run them. Although this is an essential measure to take to protect your business, data finds that most fraudsters are first-time offenders, so additional security methods are still necessary.
- Secure your office space. Establish a secure entry system that requires keycards to access office spaces. Certain specialized areas, such as a server room, should only be accessible to the people who work directly with that equipment. Consider also keeping a log of when employees enter and exit buildings since these entries could come in handy in the event of fraud.
- Educate employees. Your employees are one of your best defenses in detecting fraud before it’s too late, but they need to know what it looks like and how to go about reporting it. Invest in fraud detection and cybersecurity training for your company so that suspicious activity doesn’t go unnoticed.
- Have a plan. You can never predict when fraud will happen, but it’s important to have a plan in place for how to combat it if it does. Outline what steps you’ll take to get back any data and how you will prevent a similar kind of attack in the future.