How to avoid cybercrime and fraud in your business


As a small business owner, you have your hands full. Unfortunately, criminals rely on you being too busy to notice suspicious activity. Therefore, you have to arm yourself with the facts to protect your business against physical threats – e.g. access controls to avoid unauthorised entry into your premises – as well as cyber risks – where fraudsters are trying to lure you into revealing sensitive information. Here is Santam’s advice on how to avoid fraud in your small business.

Hire carefully

One of the best ways to protect yourself from any form of criminal conduct is to be careful with the staff you hire. A 2014 study by Price Waterhouse Coopers (PwC) found that most economic crime was committed internally: 61% internal perpetrators vs 38% external perpetrators. During stock purchases, an employee might buy more goods than your business needs, then pocket or resell the extra goods. An employee could also pay invoices to an external party for fraudulent orders. If you have a fuel account, there might be a deal between a petrol attendant and a driver to fill up less than the amount charged, again pocketing the difference.

Protect yourself by:

  • Checking all references and asking probing questions to give a former employer time to divulge any red flags about the person you are interviewing.

  • Investing in background checks, especially for those employees who will be handling cash or have access to customer or financial data. 

  • Using social media as research on a new employee – for example LinkedIn or Facebook.

Choose the right partners

You may also be vulnerable to fraud from the business partners you use – e.g. if you outsource your IT infrastructure or cleaning services. As with hiring employees, be sure to vet all partners carefully and do your own background checks into these businesses.

Beware of cyber attacks

We have recently seen an increase in cyber attacks where personal information is compromised. Criminals use social engineering techniques to gather personal information. Social engineering relies on human interaction and often involves tricking people into breaking normal security procedures. These interactions can either happen in person, over the phone, via correspondence (e.g. the dreaded 419 letter), or via a computer (emails, SMS or a fraudulent website).

Protect yourself by:

  • Being on the lookout for ransomware attacks: This new version of malware will hold your computer hostage until you pay a ransom. Typically, someone would receive an email from a familiar contact, with a zip file attachment. NEVER click on this. If you do, rogue computer code will spread through your computer, onto your server, if you have one, and could even get into your physical or cloud back-up. The next time you switch on your computer, your files will appear locked or erased, and a message will give you 72 hours to pay the ransom. If you think you might be infected, immediately switch off your machine and seek professional IT help.

  • Encouraging a safe password policy: Teach staff to be careful with their passwords. Never save them on a desktop or write them down. Use an 8-digit password combination of upper case letters, symbols and numbers. Did you know that a simple 6-letter password will take a hacker 10 minutes to crack but the 8-digit one described above would take them 463 years?* Get more tips on password security here.

Read more about Santam’s specialist cybercrime insurance here or speak to your broker about business interruption cover in case you become the victim of fraud.


Take a look here for more business advice from Santam.
