The likelihood of fraud attempts against SMEs is increasing constantly. This is in part due to the global integration of online systems, which now form the backbone of most trading organisations. The current fraud environment is a hybrid: long-established methods applied alongside the easy, worldwide access provided by the internet.
Professional fraudsters are always looking for opportunities to steal money from businesses. They constantly try to identify signs of weakness in a company’s systems or processes to exploit for personal gain. The move to unfettered global communication through web-based systems means there is now a greater opportunity for fraudsters to attack businesses than at any other time in our history. Fraudsters can now come from organised criminal teams operating from foreign jurisdictions, or they may still hide within communities and use local knowledge and connections to commit fraud.
When will fraud usually happen?
Fraud attempts can be made in multiple ways, but they focus on taking a business’s existing practices and manipulating them to the fraudster’s benefit. This can be done through the supply chain of goods, services, or people. For example, in a well-organised fraud, an employee who turns out to be rogue may infiltrate an organisation and end up in a trusted position, where they are responsible for important components of the business and can directly access and influence financial approvals.
Working with external fraudsters, the rogue employee may place an order for a product that is below standard or agree to overpriced goods. In a worst-case scenario, they may gain access to the business’s banking and finance systems and so could allow illicit payments to be made. As a prerequisite, it is essential to maintain effective accounting and banking practices to try to mitigate the risk of payments that appear dubious by size or nature leaving the company’s bank in the first place.
How can I protect my business from fraud?
If the worst does occur, and a business becomes exposed to fraud, it is difficult to recover the losses and, even if a criminal prosecution is successful, it could take several years to get any part of the stolen money back. As a result, having a prevention strategy is the best way to protect your business against this type of criminal activity and there are some basic suggestions which can help:
Keep online systems up to date
The first step in protecting your business against internet-based fraud attempts is to ensure that all online systems are frequently updated and adequately protected, making use of professional help if necessary. Unfortunately, fraud is becoming harder to prevent, as growing reliance on technology has brought exponential growth in the number of cyber fraud attempts. It is a precondition that all technology runs the most up-to-date security and operating software, so that your cyber environment is protected. This will help protect businesses against ransomware attacks, which can infiltrate systems and render them inoperable until the inevitable ransom demands are met by the business owner, or the entire computer operating system is rebuilt.
Provide training for staff on the risks of fraud and how to identify it
Even in the largest organisations, all it takes is for one employee to click on a phishing link in an email for the whole company to be compromised. Companies with high revenue levels are more likely to be chosen as targets by fraudsters, so comprehensive fraud prevention training and education is recommended for all staff.
TRAIN STAFF HOW TO SPOT POTENTIAL FRAUDULENT EMAILS
An important area of training is teaching staff how to spot a potentially fraudulent email. This could be as simple as looking for missing letters or other small irregularities that might imply that the person who sent the email is not who they appear to be. Fraud attempts are becoming more organised and sophisticated, and sometimes fraudsters will even impersonate a company’s existing supplier, which can make identifying the threat even less likely. The bogus supplier is probably contacting the business using a slightly different email address or asking for payment with new banking details, so employees need to know to check such details and be able to spot anomalies.
Check and Check Again
If a business receives a suspicious email, it is vital to be vigilant and carefully check the details before sending a response or interacting further with the fraudster. Fraudsters, including those who engage in ransomware attacks, will try to make emails look as real as possible and as if they have been sent from an authentic email address. They often make minor spelling amendments, for example using a “1” for a “l”, or a “0” for an “O”.
COMPARE THE DETAILS OF YOUR EMAILS
When people are quickly clicking through their inbox, these are small things that can easily be missed. If you notice something that doesn’t look right, the best way to determine whether a communication is authentic or fraudulent is to compare the details against existing information (if applicable) or to check things via another route, but never click on the suspect email or its attachments.
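The comparison against existing information can be partly automated for sender addresses. The following Python is an added example, not part of the original article: the supplier addresses are constructed, and the function names, the extra "rn" for "m" swap, and the distance threshold of 2 are assumptions.

```python
# Constructed sample data: supplier addresses the business already holds on file.
KNOWN_SUPPLIERS = {
    "accounts@oakfield-supplies.example",
    "billing@northmill.example",
}

# Swaps named in the article ("1" for "l", "0" for "O"), plus "rn" for "m" (assumption).
CONFUSABLES = [("rn", "m"), ("1", "l"), ("0", "o")]


def skeleton(addr):
    """Lower-case the address and fold look-alike characters to one form."""
    s = addr.strip().lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(addr, known=KNOWN_SUPPLIERS, max_distance=2):
    """Return (verdict, address_on_file) for a sender address.

    "match"     - text is identical to an address on file
    "lookalike" - not identical, but a character swap or a few typos away
    "unknown"   - nothing on file resembles it
    """
    candidate = addr.strip().lower()
    if candidate in known:
        return ("match", candidate)
    for on_file in sorted(known):
        if edit_distance(skeleton(candidate), skeleton(on_file)) <= max_distance:
            return ("lookalike", on_file)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ["Accounts@0akfie1d-supplies.example", "billing@northmil.example"]:
        print(sender, "->", check_sender(sender))
```

A "lookalike" verdict is the case to escalate: the message should be checked with the supplier via another route before any payment details are changed.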
Save or copy key documents and information to a secure offline environment
In today’s digital world, it is practically impossible to conduct business without using online systems to operate core functions, including payroll and ecommerce. Unfortunately, our reliance on online systems puts key information at greater risk if the systems are compromised, such as when malware infiltrates a system. If this occurs, it is usually very challenging to reset or restore the systems to how they were previously, and in some situations they will never be the same again. Although investing in a mirrored back-up system can be effective, it is a costly addition, and it is not a definite measure to ensure that the same fraud will never happen again.
SAVE YOUR VITAL DOCUMENTS
Resetting the systems to the point they were at before the fraudulent attack does not automatically solve the issue either; malware can attach itself to data without being noticed and then remain in the system unless someone notices it and actively removes it. One approach to mitigating the risk of malware attacks is to save vital documents (for example legal title documents, core banking information, and customers’ and employees’ financial information) to an offline location, so that fraudsters can’t steal or compromise them and they can be restored to a clean system. Employing professional, specialist IT security advice may well be a necessary step if this cannot be done in-house.
Follow your instincts
Business owners often cannot comprehend that an employee or long-term supplier would not only be disloyal, but potentially undermine their business through fraud. In some cases, business owners may wait months or longer before seeking professional help, by which time it is usually too late to prevent large fraud losses, and the prospect of recovering stolen funds is significantly reduced. Therefore, when suspicions of fraud arise, it is very important that management act on them immediately, including obtaining external expert support and advice when necessary. Fraudsters will not stop until they are caught or interrupted, and matters will deteriorate.
PUT IN PLACE PREVENTATIVE MEASURES
A key thing to keep in mind is that fraudsters attack businesses to create profits for themselves, and they are good at what they do. They disregard the consequences that their actions will have on the business or its employees. Putting preventative measures in place by keeping systems up to date and ensuring staff have received comprehensive training to spot fraudulent activity will provide some protection. However, if the worst happens and the business does become exposed to fraud, knowing how to control and limit the damage and protect stakeholders’ interests is vital.