Keep Your Business Safe by Teaching Employees to Spot Fraud
Preventing and detecting financial fraud should be top of mind for all small businesses. In fact, according to a 2022 report by the Association of Certified Fraud Examiners, private and small businesses are 42% more likely to experience occupational fraud compared to large corporations, nonprofits, and government organizations.
While most businesses are concerned with financial fraud, there may be an overall lack of understanding about common ways fraud happens and how to mitigate risk exposure. As such, teaching your employees to spot and prevent financial fraud should not be ignored. To help you take a more proactive approach to managing financial fraud, Joe Broz, fraud program lead at Old National Bank, and Kim Heidrich, treasury management product manager at Old National Bank, share insights to help business owners.
Complete a Fraud Risk Assessment
Conducting a risk assessment — no matter how simple — will help your business identify and close control gaps to help prevent losses from occurring. There are risk assessment templates for businesses of all sizes and industries to help you determine what your business needs to look for in terms of any gaps and risks. In addition, it is the main way to create employee buy-in.
“Once the risk assessment is complete, it should go to other departments or key employees who can then challenge the findings or affirm them,” says Joe Broz, fraud program lead at Old National Bank. “Having a thorough peer review helps determine whatever tasks are necessary to close the gaps.”
Completing a fraud risk assessment doesn’t have to be overwhelming or complicated — keep it simple if you’re just getting started. Once you have completed the assessment and identified any gaps, share it with your team to help determine your next steps. For example, next steps could be to ensure all employees update their computer log-in passwords every 90 days, or to review the business's current fraud awareness training program.
Conduct Fraud Education on Common Scams
According to Broz, business email compromise is one of the most damaging financial scams small business owners may face.
“This type of scam manifests itself as a fictitious email coming to the business owner or employee, or an email going out to another business, client, or vendor purportedly from the business owner,” he says. “In either situation, scammers are trying to trick you into initiating a new payment, or they're trying to alter an existing payment. Either way, transmitted funds will land in the hands of someone other than who the sender intended.”
The simplest and most effective way to protect against business email compromise losses is to verify any change in payment instructions directly with the vendor or client. “If you get instructions via email to change payment, pick up the phone instead of emailing back on a potentially corrupted communication channel,” Broz says. “Pick up the phone and call that trusted person at the vendor and say I just received an email that we're changing the payment instructions; I want to confirm that with you.”
Measures such as dual control — when you have at least two individuals involved in the business transaction approval process — are another way to proactively manage and prevent fraud. Using the email phishing example above, if there is a change of payment request, the employee who receives it will also have another person verify that the request is legitimate. Broz says having dual controls and verifying payment instructions can help stop the majority of these attacks.
Review Tech Stacks and How Information Flows
Having outdated technology or software leaves your business vulnerable to financial fraud. Old systems are more likely to be vulnerable to scammers as they may lack the latest security updates and may no longer be supported by manufacturers.
Even if your business tries to be as secure as possible, information may get released. According to Broz, “There's a treasure trove of information in your email. Hackers can determine information like who will be away on vacation.” With this information, an attack could be designed and scheduled to occur when those employees are out of the office.
Establish and Evaluate Internal Controls
Segregation of duties, or dual control, is an important component of internal control that can reduce the risk of fraud and protect your business.
Kim Heidrich, treasury management product manager at Old National Bank, says cases of employee fraud are commonly the result of various tasks being completed by one individual. Implementing segregation of duties (dual control) is designed to prevent fraud by ensuring that at least two individuals are responsible for the separate parts of any task, so that no one person is solely in control.
“I've seen cases of employee fraud that have gone undetected for years due to poor or non-existent account monitoring practices. Preventing fraud is much easier than recovering your losses after a fraud has been committed,” says Heidrich. A business should never allow one individual to have total control of a process.
By having at least two people involved in each process rather than one, there’s a lower risk of fraud or human error. As part of your risk assessment review, consider who has access to information, where it gets sent, and whether existing internal processes help to manage the flow.
Partner With Your Financial Institution
Consult with your financial institution to review the comprehensive fraud mitigation services available. These services will provide you with the tools you need to help protect your business from unauthorized account activity.
For example, Check Positive Pay is a fraud mitigation service that provides early detection of fraudulent, altered, or counterfeit checks through a daily verification process. When checks are presented for payment, they are systematically compared to the client’s check issue file. Checks that match are paid and checks that deviate from the check issue file will be presented as an exception item. Using the check information as a digital image, the item is reviewed in order to decide whether to pay or return the check. While there may be some additional costs to implementing this type of service, it’s less expensive than if a fraud incident or exposure were to occur.
In addition, take a good look at your online banking platform and utilize its valuable safety features, such as dual control and administration approval. These tools can be effective in neutralizing threats if a computer is infected with destructive software like keyloggers (which can record your keystrokes to capture banking credentials) or Trojan viruses (malicious programs disguised as legitimate ones). Combining both dual control and administration approval brings significant improvements to your company’s financial management as well as a marked reduction in fraud risk. Moreover, these tools come at no extra cost, which further benefits smaller businesses operating on tight budgets.
Leverage Credible Anti-Fraud Resources
Aside from the anti-fraud resources your financial institution provides, it’s important to do your own research to find additional resources. For example, the U.S. Small Business Administration (SBA) and FBI each have their own online resources to help your business prevent, spot, and mitigate fraud. Business owners can start there to help close vulnerability gaps and to keep up to date on the latest scams.
Ultimately, mitigating financial fraud comes down to having buy-in company-wide — it’s not just the responsibility of a single department.
“There needs to be active participation, where every employee from business owners to new hires is in a position to report fraud or unauthorized transactions so that there is limited damage, and maybe even reverse them,” Broz says.
Having the right protocols to mitigate fraud and a plan when it occurs doesn’t necessarily need to be complicated or expensive. The best place to start is to conduct a simple risk assessment, review your tech stack, and implement dual controls where appropriate. Once you have a workable plan, take the time to review it annually and focus on creating buy-in from your employees to help reduce risk.