The prevalence of companies being defrauded is on the rise, and the risk is usually greater in small and medium sized businesses. Small businesses have less sophisticated systems and processes to guard against criminal behavior and tend to have a more intimate relationship with staff and work under the assumption ‘they’re always going to do the right thing’.

The threat of deception is very real and, unfortunately often, it can come from within your business.

Internal fraud is defined by the Association of Certified Fraud Examiners (“ACFE”) as ‘the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the organisation’s resources or assets’.

Quite often this can take the form of theft of cash, stock or other assets and attempts may then be made to cover this up through deliberate misstatement of transactions in the accounting system of the business. Employees, managers and owners may also claim fake expenditure or misuse company property or assets. Externally, cyber and online security breaches are increasingly common through hacking and online phishing schemes.

While it is a digital age, fraudsters still resort to more `old school’ deception and tactics to rip off businesses, including:

  • Invoicing for goods or services not actually provided
  • Bribing employees
  • Providing incorrect bank account information for payment
  • Returning stolen products for refunds.

Put simply, every business is at risk of being a fraud target.

How to reduce your fraud risk

  1. Review internal roles and processes and ensure that not all accounting and cash-related tasks for the business are controlled by one person. Introduce a two-person sign off for transactions for online banking and ensure that any change to bank details of accounts payable should be processed in your online accounting system after phone call confirmation, not just an update via email.
  2. Monitor your bank accounts for any suspicious activity regularly, and report any unusual activity or items you do not recognize to the organization or your bank.
  3. Update and upgrade your insurance and IT software systems to ensure that you have the best online protection of your data and your clients’ data. Most business insurers now have a ‘cyber insurance’ policy add on.
  4. Keep your business information safe – don’t publish sensitive data on your website or social media and ensure only the right level of employees have access to the right information. For example, if an employee leaves, remove their online access to your MYOB datafile. Also, be careful about who has access to your business credit cards.
  5. Get help if you are suspicious or something doesn’t make sense no matter how minor something may seem. If the information you have doesn’t seem right or your gut instinct tells you so, seek help.

If you have been a victim of fraud, contact the police and your insurers as soon as possible. The Australian Cybercrime Online Reporting Network (“ACORN”) is an online reporting system where you can securely report cybercrime, and offers advice regarding cyber and online crime.