Protecting Your Business from Fraud and Cybercrimes
Stories of fraud and cybercrimes have become commonplace. According to PwC’s Global Economic Crime and Fraud Survey 2022, 46% of companies surveyed reported experiencing fraud, corruption and economic crimes in the two-year period immediately preceding the survey. Fraud takes many forms, including payroll fraud, asset misappropriation (including embezzlement), tax fraud, data and identity theft, and corruption. While there is no single method to ensure your business will not be the victim of fraud, there is a combination of measures that you can take to safeguard against an attack.
Preventing Fraud: Systems and Procedures
The best policy is to detect and prevent attempts to infiltrate your company by monitoring and regularly reviewing financial records, not sharing sensitive financial information, limiting access and permissions, setting up checks and balances between different employees or departments, and calling creditors to confirm payment instructions.
Running background checks on employees who have access to sensitive information, running credit reports and background checks on potential customers and vendors, and purchasing identity theft/computer fraud insurance can further protect your business. Proceeding with caution and following established procedures will help you detect and prevent fraud, but even the most careful entrepreneurs may find themselves the victims of fraud and will need to take mitigating measures. If your company has already been the victim of fraud, follow the steps outlined in this article.
Understand How Fraud Happens and Educate Your Staff
A lot of fraudulent activity is easily detectable. Anyone calling your business demanding immediate payment will tip you off that something is amiss. However, some may create a sense of urgency and intimidation by employing a narrative that makes sense to you. Scammers often infiltrate businesses by making themselves believable: they learn about your business, trade practices, and policies, and pretend to be connected to people and businesses that you know. Do not provide or verify any information about your business over the telephone. Fraudsters will often attempt to piece together information from various sources in order to perpetrate their scams.
Sophisticated scams are difficult to spot immediately. As mentioned before, fraudsters will tell you a story that seems familiar and reference people and businesses which you know. They will also create a sense of urgency. Sometimes it is not about receiving payment - it can also be about receiving or selling products or services, and avoiding negative consequences to you, your business, or people you know. Slow it down.
Ask to call them back. Verify their story by calling sources that they reference. Scrutinize invoices, emails, phone numbers and other information you are provided. Do not agree to any terms (buying or selling products or making payments) until such time as you are able to verify the truthfulness of what you have been told. Establishing multiple contacts with clients and vendors will facilitate verifying information and testing the veracity of the story you are being told.
Secure Your Network
Information that is used against your company is often obtained through some network breach. It could be the name of a client, account numbers, or checks drawn by your company that the fraudsters clone. Additionally, hijacking your network so that you cannot access information and systems, and then offering to release them in exchange for payment, has become a popular form of extortion. Phishing scams, wire fraud, and other forms of fraud typically begin with some failure in the network or with visiting a website that has nothing to do with work. Your network should be secure, and employees should be educated not to respond to emails that request information, change the terms of a contract, or provide new payment instructions.
Part of securing your network is having a computer dedicated to online banking. Your IT administrator should know how this computer is used. Additionally, your company should have a password policy. All passwords should have sufficient complexity and length (15 characters) and be changed periodically (6 months for local admin passwords and 1 year for account passwords is recommended). There are several fraud management systems that you can integrate into your network to screen transactions in real time. For more information on how to secure your network, read 18 Ways to Secure Your Devices from Hackers.
Have Accounts Payable & Accounts Receivable Systems and Procedures
Do not pay for supplies and services you did not order. The FTC advises that you also do not return these products. Your office should have one person (or no more than a few people) to deal with accounts payable so that they can identify unauthorized vendors. Only a small group of employees should be able to place orders and approve bills. Before payments are made, instructions should be verified by phone. Changes to payment instructions should always be viewed skeptically and verified by calling a phone line that has already been established with the vendor.
There are insurance policies your business can purchase to cover losses resulting from various types of fraud. Such insurance policies may include general business liability insurance, fraud insurance, fraud protection, crime insurance, and accounts receivable insurance. The coverage depends on the type of policy, its exceptions, and the facts of the incident. Review these policies carefully and ask the broker to clarify any terms which you do not understand. In addition to exceptions, make sure you are clear on any conditions the policy places on the insured business.
If your business becomes the victim of fraud, report the crime to the U.S. Department of Justice, the Federal Trade Commission, and the State Attorney General. Additionally, you will want to file a police report with the law enforcement agency with jurisdiction where the crime took place. How do you decide where the crime took place? If the fraud was conducted by email, phone or other remote means (examples of these would include payroll fraud, wire fraud, or fake invoices), then you would report the crime to the local law enforcement where your business is located. For crimes like check fraud where the check was deposited or cashed at a certain location, or merchandise that was acquired fraudulently, the police department with jurisdiction over that location should receive the report.
Speak with an Attorney
Sometimes it helps to seek preventative advice from legal counsel. An experienced business law attorney can assist in establishing procedures, educating you and your staff, and procuring the correct insurance policies. To learn more about VAdam Law and schedule a free consultation, visit our online scheduling portal or call 24 hours a day.