How to avoid cybercrime and fraud in your business

As a small business owner, you have your hands full. Unfortunately, criminals rely on you being too busy to notice suspicious activity. Therefore you have to arm yourself with the facts to protect your business – not only against physical threats by avoiding unauthorised entry into your premises through rigorous access controls, but also against the increased threat of cyber risk where fraudsters will try to lure you into revealing sensitive information that could have a dire impact on your business.

Hire carefully

One of the best ways to protect yourself from any form of criminal conduct is to be extra vigilant when hiring staff. A 2014 study by PricewaterhouseCoopers (PwC) found that most economic crime was committed internally: 61% internal perpetrators vs 38% external perpetrators. As an example, an employee might purchase more stock than your business needs, then pocket or resell the extra goods. An employee could also pay invoices to an external party for fraudulent orders. If you have a fuel account, there might be a deal between the petrol attendant and the driver to fill up less than the amount charged, again pocketing the difference.

Protect yourself by:

  • Checking all references and asking probing questions to give a former employer time to divulge any red flags about the person you are interviewing.

  • Investing in background checks, especially for those employees who will be handling cash or have access to customer or financial data. 

  • Using social media as research on a new employee – for example LinkedIn or Facebook.

Choose the right partners

You may also be vulnerable to fraud from the business partners you use – e.g. if you outsource your IT infrastructure or cleaning services. As with hiring employees, be sure to vet all partners carefully and do your own background checks into these businesses.

Beware of cyber attacks

We have recently seen an increase in cyber attacks where personal information is compromised. Criminals use social engineering techniques to gather personal information. Social engineering relies on human interaction and often involves tricking people into breaking normal security procedures. These interactions can happen in person, over the phone, via letters (e.g. the dreaded 419 letter) or electronically (through emails, SMSes or fraudulent websites).

Protect yourself by:

  • Being on the lookout for ransomware attacks: This new version of malware will hold your computer hostage until you respond with a ransom amount. Typically, someone would receive an email from a familiar contact, with a zip file attachment. NEVER click on this. If you do, rogue computer code will spread through your computer, onto your server if you have one, and could even get into your physical or cloud back-up. The next time you switch on your computer, your files will appear locked or erased, and a message will give you 72 hours to respond with a ransom amount. If you think you might be infected, immediately switch off your machine and seek professional IT help.

  • Encouraging a safe password policy: Teach staff to be careful with their passwords. Never save them on a desktop or write them down. Use an 8-digit password combination of upper case letters, symbols and numbers.

Read more about Santam’s specialist cybercrime insurance here or speak to your broker about business interruption cover in case you become the victim of fraud.

