Your business may be small, but fraud perpetrated on small businesses isn’t cheap. According to the Association of Certified Fraud Examiners, the median loss due to fraud in 2011 was $140,000, with 20 percent of frauds getting away with more than $1 million. Half of all victimized organizations recover nothing at all of their losses. And because they deploy fewer anti-fraud controls, the smallest organizations typically suffer disproportionately large losses.
But this doesn’t have to happen to your small business. Here are four steps you can take to more effectively combat fraud:
1. Manage your finances using multiperson control. Giving only one employee the authority to receive payments, make deposits, and reconcile customer accounts can be an open invitation to act unscrupulously with your money. Instead, separate the power to disburse funds — from purchases to payroll — and the power to accept payments and make bank deposits. Assign a third person to record transactions and reconcile your account balances. It’s also a good idea to require anyone who handles your business’s money to take a weeklong (or longer) vacation at least once a year.
2. Regularly check your accounts and inventory. Have your bank and credit card accounts audited on a regular basis. If you use the same professional or firm to perform these audits every time, they’ll quickly learn to complete the job in short order. Because inventory is a type of asset, it also needs protection. At a minimum, have one person or group receive shipments into inventory and a different person or group do the annual or semiannual inventory counts. If any items are particularly valuable, keep them locked up and require people to sign them out, as needed, under supervision.
3. Install web-browsing protections. As soon as any electronic device connects to the internet, it becomes a potential target for scam artists. Major threats include phishing and malware making its way onto the device.
Phishing is an attempt to obtain your account, password, or other security information by pretending to be an authorized entity — such as a bank or a government agency — making a legitimate request for it. Defeat such tactics by establishing policies (see #4) against divulging secure information unless a manager verifies the request by calling the entity in question.
Malware refers to viruses and other invasive software that seeks access to your electronic devices in order to destroy or harvest your private data. Protect your systems against various forms of malware by installing a dedicated, reputable anti-malware app that detects and eliminates these threats before they take root.
4. Put data-security policies in writing. Many small businesses don’t bother with written data-security policies, but they are worth their weight in gold. This is because written policies underscore your fraud-prevention measures, make it easier to defend against theft, and provide a solid basis for improving data security.
The simplest and most powerful data-security policies include:
- Use secure passwords. Secure passwords typically contain 10 or more characters, use capital and lowercase letters, and feature at least one special character from the top row of the keyboard (type Shift + a number to get !, @, #, etc.).
- Passwords must not be written down and kept in the same room where they are used.
- Every secure system — and every user of each of those systems — must have a unique password.