Protecting your small business from fraud

For many small business owners, fraud has become an increasingly important issue, from both a risk management and legal perspective. By failing to take the right steps to secure your business from both internal and external threats, small business owners could be exposing themselves to both financial and legal risk.

Internal Threats

Although it can be hard to imagine, there are plenty of ways that your own employees can commit fraud without you even realizing it. One of the most popular ways is by padding employee expense reports. A lack of receipts accompanying an expense report could be a red flag that costs have been artificially inflated, with employees pocketing the difference between the real costs and the reported costs. As a result, be sure to put into place a way to monitor employee expense reports.The same logic applies to vendor invoices. Business fraud experts warn that some employees may collude with vendors to submit falsified invoices in the hopes of splitting any profits from paid invoices. And some employees might take this type of fraud a step further by completely making up a “false vendor” and making sure that any vendor payments go to bank accounts that they control.It is important to set apart your employee’s duties.  As an example, the person responsible for collecting cash, should not also be responsible for reconciling the receipts.  As a business owner, your accounting software should make it easy for you to spot check your accounting processes.  Spire allows you to do this by running a quick report, or by instantly viewing your entire GL at a glance.

External Threats

With the fastest-growing type of external threat being ransomware, it is important to secure your IT infrastructure. In the classic ransomware attack, an email sent to employees at your business will encourage them to open up an attachment or click on a malicious link. Once the link is opened, malware will get installed on the computer and spread to the network and the company will receive a ransom letter demanding that a payment be made or the data will be deleted forever.Many of the most common fraud threats can be avoided with these steps:

1. To prevent phishing attacks, employees should be told to check the source of incoming emails to make sure they are legitimate. That’s because many hackers try to “spoof” the name or identity of a legitimate business in order to get people to open their emails.

2. Make sure all of your computers are up to date with the latest version of the operating software.

3. Use reliable antivirus products

4. Make sure all passwords are at least 15 characters using numbers, upper and lower case letters and symbols.

5. Clear internet temp files on a regular basis.

6. If you are connecting through an RDP connection, make sure it is through a gateway.

Despite all precautions, nothing is guaranteed.  It is best to be prepared by having automated backup in place so that you can essentially “reboot” your system from data stored in a third-party location.

If you have been an unfortunate victim of fraud, it needs to be reported.  To find out how, please visit the Canadian Office of Consumer Affairs.  For help in recovering your data, the Tri Tech service department can do their best to assist you.