For many businesses, both large and small, fighting fraud can seem like a constant battle.
Fraud affects 1 in 4 small businesses every year. In the last year alone fraud losses to SMEs were estimated at £18.9 billion, proving that no business is too small to be targeted.
Fortunately, there are simple steps you can take to regain control and help protect the revenue, reputation and long-term health of your business that could be at risk through fraud. Risk is inevitable in business dealings, but you must be aware of how to assess and reduce those risks wherever possible.
The latest research has shown that 63% of SMEs that had experienced fraud were concerned about being targeted again. Shockingly, however, a large portion of these victims underestimate the risk, with one in ten failing to take action after suffering a breach. Other findings include:
- Businesses trading online are 11% more likely to experience fraud
- 23% of SMEs reported that they had experienced computer hacking at some time, making it the most common crime type. It was also the crime that caused the most concern, with 55% of SMEs either very or quite concerned about it. This was followed by card fraud (19%) and employee fraud (18%).
- Around 12% of fraud victims reported losing more than 1% of their annual turnover
- Only 53% of businesses report a fraud after it takes place.
Whilst all businesses are different, there are general principles that can be applied regardless of size or function. The information below will give you an overview of the actions you need to take, and help you to adopt a general mindset of awareness and action to protect vulnerable areas of your business.
Assess your risks
Complete a risk assessment to identify areas where potentially sensitive or valuable information is being held and could be at risk. By identifying what data is attractive to criminals (such as customer data), you will be in a much better position to take the right precautions to keep it safe. Make sure you are compliant with the Payment Card Industry Data Security Standard (PCI DSS), which is designed to ensure that you’re processing and storing customer card data as securely as possible. Also, seek to understand the risk areas that are specific to your business, and ensure your systems and controls target and manage those risks.
Having a written data handling process will set out who has access to information and at what level, how it is kept secure and how clients’ privacy is protected. Confidentiality agreements are vital for the people who are able to see this information.
Unfortunately, employee fraud is the most common and often the most damaging type of fraud, so be careful who has access to your company accounts and do a background check on anyone who will be able to move money around within your business.
Get tech savvy
Ask your web developer how they are protecting customer information, including personally identifiable data. Web developers should also regularly apply security patches, monitor your site for suspicious activity and regularly search for traces of malware.
Make sure that all firewalls and antivirus software are up to date on all your devices. For example, if you have your desktop computer thoroughly protected but your linked tablet is wide open, you’re still running a risk.
Also watch for suspicious online transactions. These may include outlying high-value orders or uncharacteristic behaviour from existing clients. Be sure to check any missing or inconsistent information, too, such as different shipping and billing addresses, or a local credit card used by an overseas customer. It usually only takes a quick email or phone call to verify the details and establish whether or not the order is authentic.
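The checks described above can be run automatically over incoming orders so that only the unusual ones need a phone call or email. The following is an added example, not code from the original article; the field names, the home country and the two thresholds are assumptions to be tuned to your own order history.

```python
from dataclasses import dataclass
from statistics import median

HOME_COUNTRY = "GB"   # assumption: where the business and its usual cards are based
GLOBAL_FACTOR = 5     # assumption: "outlying" = over 5x the median past order
CUSTOMER_FACTOR = 3   # assumption: "uncharacteristic" = over 3x the customer's largest
@dataclass
class Order:
    order_id: str
    customer_id: str
    amount: float
    billing_addr: str
    shipping_addr: str
    card_country: str      # country of the card issuer
    customer_country: str  # country the order is placed from

def _norm(addr):  # ignore case and spacing so trivial differences are not flagged
    return " ".join(addr.lower().split())

def review_reasons(order, history):
    """Return the reasons an order should be verified by email or phone."""
    reasons = []
    amounts = [o.amount for o in history]
    if amounts and order.amount > GLOBAL_FACTOR * median(amounts):
        reasons.append("outlying high-value order")
    own = [o.amount for o in history if o.customer_id == order.customer_id]
    if own and order.amount > CUSTOMER_FACTOR * max(own):
        reasons.append("uncharacteristic for this customer")
    if not order.billing_addr.strip() or not order.shipping_addr.strip():
        reasons.append("missing address details")
    elif _norm(order.billing_addr) != _norm(order.shipping_addr):
        reasons.append("shipping and billing addresses differ")
    if order.card_country == HOME_COUNTRY and order.customer_country != HOME_COUNTRY:
        reasons.append("local card, overseas customer")
    return reasons

def screen(orders, history):
    """Map order_id -> reasons, keeping only orders that need a manual check."""
    return {o.order_id: r for o in orders if (r := review_reasons(o, history))}

# Constructed sample data (not real orders).
HISTORY = [
    Order("H1", "c1", 40, "1 High St, Leeds", "1 High St, Leeds", "GB", "GB"),
    Order("H2", "c2", 30, "5 Park Rd, Hull", "5 Park Rd, Hull", "GB", "GB"),
    Order("H3", "c3", 60, "2 Mill Lane, York", "2 Mill Lane, York", "GB", "GB"),
]
NEW_ORDERS = [
    Order("N1", "c1", 50, "1 High St, Leeds", "1 High St, Leeds", "GB", "GB"),
    Order("N2", "c2", 900, "5 Park Rd, Hull", "9 Dock Rd, Hull", "GB", "US"),
    Order("N3", "c3", 190, " 2 Mill Lane, York", "2 mill lane,  york", "GB", "GB"),
    Order("N4", "c1", 45, "1 High St, Leeds", "", "GB", "GB"),
]
```

Calling `screen(NEW_ORDERS, HISTORY)` leaves N1 alone and returns the reasons for N2, N3 and N4; a flag means "verify before shipping", not "reject".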
Security isn’t a one-off cost, but an ongoing series of actions. It’s the single most important investment in the future of your business. Keep up to date on the latest security threats and solutions, and maintain an open dialogue with your whole team. This will ensure that you stay protected even as the landscape changes.
Stay alert, because in the event that your data is compromised, events may snowball and lead to further, irreparable damage. For more information on how to prevent this, have a look at this handy government source: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/118453/sme-fraud-segmentation.pdf
What if the fraud is coming from INSIDE my company?
Managing the risks within small and medium-sized businesses should be high on the list of priorities for owners and managers, because although large companies can be greatly affected by fraud, SMEs can be destroyed by it. And no fraud is as damaging as internal fraud.
Here’s a difficult question: Do you trust all your staff implicitly?
Frauds are often simple and succeed because the fraudster is trusted, and is therefore never challenged or checked. But here are some simple measures you can take to avoid this:
- Segregate duties. No one should have control over all of the accounting functions of the business.
- The bookkeeper’s work should be checked by directors. For example, the payroll should occasionally be reviewed prior to payment, and a system should be in place for recording and authorising overtime.
- Review payments. Put a proper system in place for reviewing and authorising payments to suppliers.
The overall impact on a business after discovering a fraud will always be greater than the fraudster’s gain. Implementing even the most basic of security measures can ensure that even in the event of a breach, you are in the best possible position to continue trading and diminish the financial and reputational impact on your business.
There is significant support available to small businesses that are at risk from fraud or online crime. Action Fraud is a national service for individuals and businesses alike where you can report fraud and obtain information on how best to protect yourself.