10 tips to prevent fraud in your small business
If you are a small business which has not experienced a fraud, you are in a lucky minority and the numbers suggest you could be next.
That’s the message from Curtin Business School following research that found that one in eight Australian small businesses had been targeted by scammers and had spent up to 100 hours dealing with the aftermath.
As in the past, Australian small businesses still face significant risks from their own employees. According to KPMG’s latest six-monthly Fraud Barometer, the most common perpetrators of fraud are business “insiders”, with management behaving badly twice as much as other employees, often to fund extravagant lifestyles or gambling. However, just as the online world has opened huge opportunities for small businesses, it has also created huge threats.
A recent study by the UK’s National Federation of Self Employed and Small Businesses found disturbingly high levels of cybercrime against smaller businesses, with two thirds of its members becoming victims in 2014 and 2015.
The Australian Competition and Consumer Commission (ACCC) Scamwatch site warns that scammers recognise that small business operators are busy and have fewer resources than larger businesses, and aim to take advantage of that.
It adds that scammers are becoming increasingly sophisticated and will go to great lengths to make their documents or offers look legitimate. They can easily copy or modify letterheads, names and logos to make them look real, or set up professional-looking but fake websites. They can also gain access to suppliers' email accounts and intercept emails without anyone realising.
Types of fraud targeting small businesses
Many types of fraud are targeted at small businesses. Here are examples of just a few:
- False invoicing: Being asked to pay fake invoices for directory listings, advertising, domain name renewals or office supplies that you didn’t order. Or being asked to pay fictitious suppliers, or even valid suppliers, with your payment then diverted to the scammer’s account.
- Overpayment scams: A “customer” overpays for an item and then asks for a “refund”. The fraudster hopes you will transfer the money before noticing that the original cheque has bounced or credit card is phoney.
- Malware: You are tricked into installing software on your computer that allows scammers to access your files and track your activities.
- Ransomware: Malicious software is covertly installed on your computer, blocking your access to it until you make a payment. And even if you pay, you still may not get access back.
- Whaling or spear phishing: Attempts are made to get confidential information from you for fraudulent purposes.
- The fake boss: Scammers pose as the boss, either by hacking into an actual email address or by setting up a similar one in that person’s name. They then demand an employee send money to an account “now and we’ll do the paperwork later”.
- Employee fraud: Employees use business credit cards for personal expenses or claim for time not actually worked or for expenses not actually incurred.
- Government imposters: Scammers pretend to send messages from government agencies such as the ACCC, Federal Police or Australian Taxation Office, requesting immediate payment into a certain bank account.
Tips to protect your business
As they say, prevention is better than a cure. Here are some steps you can take to protect your business from fraud:
- Have clear internal controls for managing accounts and invoices. Ensure staff are aware of these and build these into their jobs. Don’t permit shortcuts or changes.
- Don’t allow one person to run the show. Consider segregating duties. No one person should be responsible for a complete transaction from start to end. Require two signatories for cheques and additional authorisation for big electronic transactions. Cross-train staff and rotate roles. And enforce continuous annual leave – for example, two weeks of consecutive leave a year – during which someone else takes over the role. Fresh eyes can pick up irregularities.
- No matter how busy you are, ensure you regularly reconcile accounts, especially bank statements. Also, carry out regular and unscheduled audits on financial processes. Letting staff know you are checking things can act as a powerful deterrent.
- Keep your computer systems secure. Use reputable, up-to-date anti-virus software and a firewall. Update passwords and back up your data regularly.
- Double check all requests for payment. If you notice suppliers’ bank account details have changed, call them to confirm.
- Don't click on links in emails from unfamiliar contacts.
- Ensure money has cleared in your bank account before issuing refunds or sending products.
- Lock your premises, filing cabinets and safe when you leave. Consider restricting physical access to parts of your premises and installing an electronic surveillance system.
- Do thorough background checks on all potential employees, contractors and suppliers, and watch employee behaviour. Areas of concern can include employees who regularly work overtime or don’t take leave, those who appear to be living beyond their means, and those who don’t complete required reports or reconciliations.
- Facilitate whistleblowing. Allow employees to freely communicate their worries without negative consequences. And follow up on all concerns raised.