Not all fraud is blatantly obvious – or even intentional. Having safeguards in place to catch inconsistencies and deter theft is the best way to protect your business.
When most people think about business fraud, their minds immediately jump to big corporations, greedy C-level employees, and complicated schemes. The truth is, however, most business fraud doesn’t make national news, and doesn’t impact big businesses. It frequently happens on a smaller scale to smaller businesses, and quite often when employees are involved, it’s not even intentional on their part.
Cybercrime still relies heavily on social engineering tactics, smoothly tricking employees into becoming unwitting accomplices – often without them or anyone else being any the wiser until it’s too late. Scammers looking to steal funds rather than data have a series of tried and true methods of getting the access they need, and without checks and balances in place to verify that money and information is coming and going only as it should, they can succeed more often than not.
Making changes to the way your business deals with these 8 areas of your operations can help to catch unauthorized transactions and uncover suspicious activity – both within your organization and from exterior sources.
Cash Flow and Bank Statements
Placing a single employee — one who IS NOT authorized to make or approve monetary transactions of any kind — in charge of opening bank and credit card statements and reviewing signed checks, purchase orders, and expense reports and reimbursement requests is a simple way to catch fishy transactions. Have statements delivered to this employee unopened, guaranteeing they’ll be the first person to see them. This will stop employees from trying to cover their tracks, either with malicious intent or because they’re trying to hide a mistake.
Making it mandatory for any employee with spending or purchasing power to pass a background check and a credit check is also a smart idea.
Payments and Purchases
Depending on the size of your team and whether or not you have multiple offices, designating a single person – preferably the owner, CEO, or CFO – to sign checks and authorize payments and purchase orders will cut down on the number of people able to access your business’ funds. Have your accounting department filter all of their requests through this single individual, and require their permission to process any form of payment or money transfer.
With a single person keeping tabs on the money flowing in and out of your accounts, it’s easier to spot phishing attempts that use spoofed emails to request money be moved to a fictitious account that supposedly belongs to a partner or client.
Ensure that only management has the ability to add new vendors to your system. Not only is a phony vendor a common way for an employee to skim funds undetected, it’s also possible for a hacker who has quietly gained access to your network to do so as well. Every new vendor should be thoroughly vetted by the business owner before any information is shared with them, or any money changes hands.
Payroll and Employees
As with vendors, a phony employee tacked onto the payroll is an easy way for a hacker to steal funds without raising suspicion. A fake employee scam is much harder to pull off when you have a small team working in a central office, but if your business relies on remote employees or contractors, it’s crucial that only the business owner be able to approve names added to the payroll.
All paychecks should be reviewed and signed off on by a single person — again, ideally the owner or CFO — and any requests for vacation pay, bonuses, raises, or other payouts submitted by HR or Accounting need to be approved by that same person.
When working with an outside company – such as an IT provider – either for a specific project or as part of an ongoing agreement, it’s critical that you take the time to verify they are a legitimate company. Monthly payments or ongoing expenses should be reviewed thoroughly before any payouts are approved. If a project is over budget or new expenses have been added to an existing agreement, speak with your subcontractor right away to verify that these additional charges are coming from them – and with good reason.
Policies and Procedures
The only thing more important than having policies and procedures in place that dictate when and how purchases and payments can be approved is how well they’re enforced. Having a zero-exceptions rule in place for all employees, regardless of their position within the company, can help keep unauthorized transactions from slipping through the cracks. If you get into the habit of shrugging off unusual payments by assuming someone who works closely with the boss or CFO put them through without prior authorization, a hacker or scammer can easily slip a phony request for funds into the right inbox and get away with a theft undetected.
While much less common than phishing emails asking for funds to be transferred, your inventory system can still pose a risk to your business where theft and fraud are concerned. Much like with phony vendors or employees, it’s much more likely that someone inside your business would intentionally alter or falsify inventory reports for financial gain. That being said, it’s still possible for a hacker who has access to your network to use your inventory system to profit off of your business.
Having a single employee who isn’t authorized to approve purchases or payments verify that inventory counts are accurate and purchase requests are legitimate can catch discrepancies that can lead to a financial loss for your business.
Creating a system of accountability and oversight can spot suspicious activity throughout your organization. This type of system, paired with up to date and properly managed and maintaining network security measures, can protect your business against the financial and reputational damage of theft and fraud – whatever the source may be.
Get in touch with Data Magic Computer Services today at (469) 635-5500 or firstname.lastname@example.org to learn more about the industry-leading network security services we can offer your business.