Preventing Small Business Financial Fraud

September 11, 2023 Leah Driver


Financial fraud is rampant, and small businesses are often prime targets. If you’re a business owner, the latest fraud statistics make uncomfortable reading – according to a report issued in 2022 by the Association of Certified Fraud Examiners, an estimated US$4.7 trillion globally is lost to fraud every year, and that’s likely a conservative number.

Cybercriminals use traditional and sophisticated methods to take over business accounts, spoof identities, and steal funds. As with your personal accounts, a routine activity like opening an email or visiting a website can create vulnerabilities. Unlike with your personal accounts, you have to worry not only about your own activities, but also about those of anyone with access to your computer network or bank accounts.

Recognizing Scams and Fraud

While recognizing fraud and scams isn’t always easy, your first line of defense must include an understanding of the various types of account fraud. The most common types of scams and bank account fraud include:

  1. Phishing. Phishing occurs when a scammer uses an email or text message in an attempt to trick you into sharing your personal and/or financial information. The FTC offers some great information about recognizing and avoiding phishing attempts.
  2. Payments fraud. Check fraud has been around as long as checks have been used, but now you must also be aware of ACH and wire transfer fraud, as well as peer-to-peer (P2P) payment scams.
  3. Account takeover. If a cybercriminal is able to obtain employee credentials, they can use them to access your accounts.
  4. Internal fraud. Rogue employees can wreak havoc with your accounts.

Your Bank and Banker

Another key factor in your first line of defense is your bank. Your banker should work with you to identify the financial services you need and work with you to ensure appropriate safeguards are in place. (For example, if your business accepts check or ACH payments, ensure you have fraud prevention measures like Positive Pay.) Discuss account protection and fraud mitigation services and be sure you understand your company’s options. Your banker can explain the programs available to help ensure funds transfers, payroll requests, and withdrawals are legitimate, accurate, and authorized.

The American Bankers Association (ABA) suggests that business owners ask about:

  • Positive Pay
  • Device authentication
  • Multi-person approval processes
  • Batch limits


Next, you must understand your company’s cybersecurity and ensure you take a multilayered approach to security. It’s important to protect your cyber environment just as much as, if not more than, you would your cash and physical location.

Initial steps you should take to prevent hacking and cyber-attacks include:

  1. Using email spam filters
  2. Blocking or limiting access to suspicious websites
  3. Utilizing password management tools
  4. Using multifactor authentication
  5. Monitoring network traffic
  6. Blocking use of unprotected internet connections
  7. Maintaining an incident response and recovery plan
  8. Updating both firmware and software regularly

Google provides a great Security Checklist for small businesses with 1 – 100 users. In addition, the FCC provides tips that are different from those provided by Google. The Small Business Administration (SBA) hosts an annual Cyber Summit, in addition to training and events throughout the year.

Employee Training

Although it’s hard to rank the importance of these steps, educating your employees is definitely toward the top of the list. Implementing an employee cybersecurity training program is one of your most effective lines of defense, as employees and their work-related communications are a leading cause of data breaches. Training employees on basic best internet usage practices can go a long way in preventing cyberattacks.

There are resources for free to low-cost employee training programs, including:

Physical Security

While cybersecurity and protecting your networks are paramount, don’t forget to protect your physical documents as well. Be sure your employees don’t leave financial information in public areas and use a shredder to destroy financial documents before throwing them away. Though it gets less attention, dumpster diving still happens and you don’t want to just hand scammers the information they need.

Another key step in preventing financial fraud is diligently monitoring your accounts for suspicious activity. If you do notice anything, you should contact your bank immediately. The earlier you can catch attempted fraud, the easier it will be to address activity that’s already taken place and block any further transactions.

It’s also smart to limit the number of employees who can access your financial accounts and to build a system of checks and balances into your accounting and payroll systems. Accounting programs can help you maintain records and identify issues, while independent auditors can uncover potential vulnerabilities or problems with your processes or systems.

As you can see, there are several steps you can take to protect both your accounts and your network from scams and fraud. This is why it's important to have an IT Professional and Banker at your table.

The views, information, or opinions expressed in this article are solely those of the author and do not necessarily represent the views of Citizens State Bank and its affiliates, and Citizens State Bank is not responsible for and does not verify the accuracy of any information contained in this article or items hyperlinked within. This is for informational purposes and is in no way intended to provide legal advice.

