Protecting your business from fraud

You only need to take a quick look at the articles on New Zealand’s Serious Fraud Office website to see just how common fraud offences are in our own backyard. Headlines run the gamut: from investigations of large-scale insurance and mortgage fraud, to cases of individuals defrauding their workplaces of hundreds of thousands of dollars.

Overseas, the issues are similar. In August last year, MacEwan University in Canada discovered it had been defrauded a whopping $11.8 million after staff failed to call one of its vendors to verify if emails requesting a change in banking information were correct. This error led to large amounts of money later being traced to accounts in Montreal and Hong Kong, with a lawsuit pending to try and recover the stolen money.

These ‘attacks’, in New Zealand and overseas, are the tip of the iceberg when it comes to scams designed to defraud businesses of money and information. In many scenarios, fraudulent behaviour comes as a result of having weak business systems and processes in place.

When your business is compromised with weak systems and processes, you become vulnerable to fraudulent activity. For example, we often hear about businesses being targeted by ‘brute force’ password attacks, where hackers with powerful computers make thousands of attempts to guess online passwords to try and access important accounts.

We also hear of fraudulent activity that, on the surface, seems relatively benign but can have huge consequences. These can include:

  • Issuing a false invoice to a business for payment

  • Bank accounts of vendors being changed in financial systems in order to divert payments to bank accounts controlled by fraudsters

  • Businesses’ banking controls being too relaxed (e.g. not having two-step authority sign in), making it easier for unauthorized staff to access accounts.

No matter the size of your business – whether you employ two people or 200 – it is crucial to have proven, effective IT solutions to protect your information alongside robust policies and watertight employee procedures.

Here are our top tips to minimise fraud in your business.

1. Tighten your policies and processes

Ensure your policies and processes for inputting and managing data and information are consistent and reviewed regularly. By clearly outlining instructions in an official document, your policies and processes become the ‘rules’ for managing data and information, and will help safeguard your business against fraudulent behavior.

2. Train your team

Make sure your employees know your business’ policies and processes inside and out. For example, do you have a set of authentication rules to follow when a client advises a change in bank account details? Do you have two-person signing authority on financial transactions? Whatever your rules are, make sure your employees know them inside and out

3. Invest in the right IT systems for your business

Your IT systems should work alongside your business’ policies and employees to protect your data. As a starting point, every business should have a firewall, anti-virus, malware and spyware detection software, with data backed up every day to the Cloud or an external server. Passwords should also be changed regularly.

The team at BES can meet with you to discuss your business processes and help pinpoint any issues that need taking care of.