Business fraud occurs when scammers, from either outside or inside the organisation, falsely represent themselves or lie for financial gain. It can have a massively destructive effect on your business’s finances, reputation and more.
It’s easy to get lost in the day-to-day of cash flow management and the hundred other things demanding your time, but fail to safeguard your business against fraud at your peril. Many business owners and managers aren’t even aware of the scale of the problem they’re facing.
Where does business fraud come from?
It’s easy to think of nameless, faceless bandits, completely external to the business and perhaps even in another country entirely. And, yes, this is very often the case. But sadly, fraudsters can be staff members, suppliers, or customers.
One single course of action won’t wipe out business fraud completely (sadly). However, we’ve put together a few practical ways to protect your business, your staff and yourself.
Educate your employees
Your staff are your company’s biggest asset, and they need to be kept in the loop. It’s extremely important that they understand what the risks are, and are involved in the process of preventing fraud in the business.
It’s well worth holding regular training sessions to help employees recognise different types of fraudulent activities. Introduce practical techniques they can implement to reduce the risks, and examples to learn from.
Take steps so that everyone, from the newest recruits to those who’ve been there years, is familiar with your data-handling policies for confidential information. This includes, for instance, protecting personal client or employee information, such as names and addresses.
A seemingly innocent phone query could have much more sinister consequences than it first seems! Phishing scams can also be extremely sophisticated, and often try hard to look like they’re from a legitimate source.
Employees should know what phishing scams in particular look like, to avoid becoming an easy target. Train employees to avoid opening phishing emails that can easily lead them to download viruses or end up on malicious sites.
Have a password policy that works across the business
A business-wide password policy is an important way of protecting your organisation from online fraud in particular. Once a cybercriminal has the passwords they need, they can do some serious and far-reaching damage – much more than they may have done otherwise.
People use passwords to log into all sorts of sites and apps, from bank accounts and retailers to social media and accounting software. These all contain sensitive data.
As well as setting strong passwords, staff should know that using the same password for multiple sites or sharing their password with colleagues is not allowed. Your password policy might also require employees to change their passwords at regular intervals.
If two-factor authentication is available on accounts and sites that your business uses regularly, it’s a wise move to enable it.
What is two-factor authentication?
Two-factor authentication (sometimes written as 2FA, or MFA for Multi-Factor Authentication) is where a login attempt triggers a notification to a different device or account. For example, you might enable 2FA on your bank account so that you receive an email each time your username and password are entered. The email usually includes a confirmation code for you to enter on screen.
Check (and update) the protection on your computer systems
Cracking computer systems is what hackers are all about – and they’re experts at it. Decent antivirus software can help spot breaches early on, while a strong firewall can protect your business data. Regularly backing up your files to a secure location is essential too, or even better, work securely in the cloud.
Watch out for invoice fraud
Criminals may try to amend a supplier’s payment or bank details as a way of defrauding your business. It is not unheard of for unscrupulous individuals to impersonate a real – innocent – supplier to your company, or even an employee. This may be done via email, telephone, or letter, and often they are extremely convincing.
Another favourite trick is for fraudsters to spoof an email address to appear legitimate, or infect company computers with malware. This is often ransomware.
A 2021 study by UK Finance revealed exactly how big the problem of invoice fraud is, estimating just under 5,000 cases a year of this type of scam, costing around £82 million.
Reducing the risk of invoicing fraud to your business
To help reduce the risk to your business, it’s good practice to regularly check the account details that any longer-term suppliers have on file. If someone claiming to be from the business asks you to update their payment details, don’t be afraid to call your usual contact to double-check!
When you do make payments, it’s also worth offering immediate confirmation, including the beneficiary’s account. This way, if an error does occur, it’ll be more straightforward to see what’s happened.
Also, think about whether the details of any suppliers or other organisations your company deals with are too public. Where this is the case, they could be targeted by fraudsters.
If your business is the victim of a cyber-attack, you’ll thank your lucky stars for decent insurance. This type of insurance can help mitigate any financial losses should the worst happen.
Okay, so insurance won’t prevent fraud from taking place, but it can mean getting back to something resembling normal that bit quicker. It’s also wise to consider how clients and users might react if something compromises their data!
There are a number of policies out there, protecting against a range of fraud types, so take your time, do your homework, and shop around to find a policy that best fits your business’s risks.
Keep accurate (up to date) records
This one goes without saying but we can’t highlight it enough; make sure all business transactions are absolutely watertight. In other words, everything that comes in and goes out of your business must be handled, recorded, and managed properly.
If you do find fraud has occurred, you’ll be able to prove which transactions are legitimate and error-free, and which aren’t.
Review your practices around handling your business documents. Consider tools which help you store information securely, even if you need to collaborate with others.
Using a secure server is always the best course of action when sending documents and other data to employees, contractors, and customers. If a fraudster is able to get their hands on a phone number or mailing address, it’s only a very short jump to them also obtaining other personal and financial data from your business.
Be aware of online payment fraud and how to spot it
It’s easy to assume that online payment fraud is super easy to spot. After all, it’s usually large transactions, surely? Well, not quite. In fact, it’s much easier to steal relatively small amounts of money repeatedly over time. For small businesses, this can be a massive headache.
Times are tough and economically many businesses are struggling with rising costs and customers tightening their belts. Even the smallest of repeated transactions can really add up, negatively impacting cash flow. It’s no secret that we’re big believers in excellent bookkeeping, but it’s useful for a business in so many ways!
Keep the fraud communication lines open – and have a robust fraud strategy in place
Regularly discuss fraud with your employees, suppliers, and other contacts so that they understand the seriousness of it for your business.
It’s useful to have an accessible fraud prevention strategy available. Whilst this is particularly true for larger businesses, even sole traders working alone can benefit from regular updates! As they say, prevention is better than cure.