Simple Ways to Prevent Fraud in Your Small Business
These days, small business owners have to be diligent to keep their assets safe from cybercriminals. Your bank most likely has sophisticated safeguards in place to protect your accounts from fraud attacks. However, the most effective fraud-prevention strategies start at the source: Inside your company.
Here are several actions you can take to stop thieves (and dishonest employees) from taking financial advantage of your business.
- Create a dedicated banking hub. If possible, choose one specific office computer as your sole "banking workstation." Use it only for business banking, and make it clear that any other web browsing is prohibited. This strategy might sound extreme, but it's smart. Why? If you (or your employees) access the internet for anything other than banking, you could open your computer to security threats such as viruses and "ransomware." Ransomware is automatically downloaded software that allows hackers to take over your computer until you pay them ransom money in dollars or electronic bitcoin.
- Use "dual controls." This strategy makes it very tough for one employee to fraudulently access your business accounts. An example of dual controls is requiring two employees to approve all large purchases and financial transitions.
- Monitor business bank accounts closely. You're in the best position to notice any fraudulent activity on your business accounts. Obviously it can happen online or the old-fashioned way. But you can use online resources to guard against it, by doing a quick online check of your business accounts daily. If you spot any suspicious or unexplained transactions, contact your bank right away.
- Educate employees about email safety. Fraudulent emails look more like the real thing every day. However, remind employees that your bank will never email your company and ask for account or login information. Instead of clicking any links in a bank-related email, you or your employee should always directly call your business bank at the phone number you have on file or that you look up yourself. Never rely on the phone number sent to you in an email. If the email is a scam, the phone number provided will be part of the fraud.
- Lock all workstations before walking away. This practice applies to you and all of your employees. Even if you're just stepping away for a few minutes, log out. Doing so can stop unauthorized users from viewing all kinds of sensitive company information.
- Immediately disable ex-employees' credentials. Make it a priority to void the employee's computer and banking login IDs and passwords. Your business bank should also be able to immediately block any employees from online access to your company accounts.
To learn more about preventing small business fraud, visit these sites:
- Federal Deposit Insurance Corporation (fdic.gov): Search for the FDIC's "Cybersecurity Guide for Businesses."
- Association for Financial Professionals (afponline.org): Search for topics on "cybersecurity for businesses."
- National Automated Clearing House Association (nacha.org): Check out topics on "business email compromise" and "vendor impersonation fraud."
It's critical that business owners and managers stay on top of security threats, which seem to multiply daily. Make sure your employees know what to watch for and who in your company to notify if a scam is suspected. Chances are, your workforce will get tired of hearing about it, but don't let them become complacent. Remind them that the future of your company and their jobs depend in part on them being alert to cyber threats.