Fraud Alert: How To Protect Your Business From Hackers

The battle against fraud and data theft is very real. There's no better time than right now to assess your business's security practices.
January 21, 2014

Your small business is your baby, and it's hard to imagine that anyone on the inside—or the outside—would do anything to harm it. But the fact of the matter is, fraud is out there, and if we learned anything from the Target ordeal, it's that all businesses, big and small, need to step up the fight against fraud.

Accept And Assess

But where to start? The first thing you need to do is come to terms with the fact that fraud happens.

"Irrespective of size, businesses should be mindful that anyone is capable of fraud," says Calvin Harris, Jr., president of change management at Harvin Consulting, a firm that assists startup companies. "Maintaining a system of checks and balances is needed."

"All businesses are subject to both internal and external fraud," agrees Daniel Draz, a certified fraud examiner and principal at Fraud Solutions in the Chicago area. "Fraud losses average approximately 5 percent of annual revenues globally."

Next, you need to take a very close look at your business and assess your security processes. "The end of the year or beginning of the new year is always a good time to conduct anti-fraud assessments," Draz says.

There isn't a one-size-fits-all fraud assessment model, he explains, but there are some common areas to investigate: "Areas for inclusion in an anti-fraud assessment are dictated by potential risk and exposure," Draz says. "Risk is not always financial and in these times the threat of data or information loss is always significant and should be included in the assessment."

The security breach at Target proves that businesses of any size can be compromised by hackers. Management at Target estimates as many as 70 million customers may have been affected by the breach that involved the theft of customers' names, credit and debit card numbers, expiration dates and security codes.

Policy Evaluation

Draz says companies should evaluate current policies about handling and storing consumer data and information to ensure the most secure practices are in place. The policy should include the length of time the information is stored and how it will eventually be destroyed.

Protecting sensitive information requires evaluating all areas of technology within the business. Draz says those layers include the security of Internet applications as well as log-in, authentication and password policies. And don't forget all the different technological tools you and your employees are using at work.

"What are the information security policies concerning cellular telephones, especially smartphones, as well as tablets, laptops and landlines? Are remote access policies in place?" Draz asks.

Draz also advises evaluating employee guidelines for using social media, in an effort to keep trade secrets secret.

Keep Your Eye On The Money

While looking over internal policies, make sure you cast your eye toward your accounting practices. The money trail needs to be a tight and secure path to prevent fraud. Draz suggests looking at the internal controls for how the accounting is done, how the cash is handled, who is supervising the payroll and how the bills are being paid. Ensure that each dollar that comes in and goes out is on the books.

And while the cash flow may be an obvious place to keep secure, Draz says you should check expense reports. Travel expenditures require careful review because they're a place where fraud can easily occur.

Managing Your Risk

Diving deeply into each of these sections of your business to fight fraud can be an enormous project. "It is very challenging to have this type of review handled internally, especially if it involves the very staff responsible for those processes," Harris says. "Outside impartial eyes are best."

Harris says it can be difficult, but not impossible, for a small firm to find those impartial eyes on the inside.

"If you have credit card statements, someone outside of credit card processing should review statements for unusual items. For bank accounts, someone outside of the cash receipt and payment process should review statements. Admittedly, this is tougher for smaller organizations, which is why more and more companies occasionally hire outside reviewers, auditors or consultants to manage their risk," Harris says.

A Never-Ending Battle

The beginning of the new year brings with it the energy to get organized for the year ahead and evaluate what's working when it comes to your business. But don't think fighting fraud is an annual task.

"Business owners need to be ever-vigilant all year long, because anti-fraud programs are not 'one-time' efforts. They need to be fluid," Draz says. "The reality is that fraud is a dynamic, constantly changing threat where the 'bad actors' continually adapt to the fraud prevention mechanisms being used to thwart them and look for business vulnerabilities. As a result, fraud is not solved once a year with a static, predictable anti-fraud checkup."

Carla Turchetti is a veteran print and broadcast journalist with a passion for money matters and the stories behind the world of small business and personal finance.
