Unthinkable – how could an employee possibly steal from your business? Someone you see and work with every day, no less. They might as well be filching from their own paychecks.
Sad to say, but a new survey from Hiscox reveals that the unthinkable is not only true, but it happens to small businesses more often than we could have guessed. Here are some shocking takeaways:
- 81 percent of check fraud happened at organizations with 50 or fewer employees.
- 80 percent of credit card fraud happened at businesses with 50 or fewer employees.
- 53 percent of thefts were committed by employees with senior roles.
- 43 percent of thefts were committed by non-management employees.
- Retail businesses, healthcare businesses, and nonprofits were the biggest targets, suffering median losses of $606,012, $446,000, and $202,775, respectively.
Couple these findings with research from ACE Group that shows 24 percent of insider misuse data breaches stem from former employees, and it looks like you have your work cut out for you.
This isn't to say all small-business employees are thieves. Rather, it's a reminder that given the means and opportunity, you can never be sure what people will or won't do. It also reinforces the fact that investing in data security isn't a lofty goal – it has measurable, short-term benefits that keep your finances in check.
Let's review how managing security can cut down not only your data breach exposures, but also your fraud risks.
Managing Risks, Taking Names
When devising your business's security strategy, it's imperative to think about who has access to sensitive data and to limit that access as much as possible. As we note in "Treat Your Data Like a Picnic Basket to Minimize Breach Damage," segmenting access ensures you can…
- Quickly pinpoint where the loss is coming from.
- Minimize the amount of theft or misuse.
The Hiscox study does mention that the people you trust with this access may be the ones who ultimately exploit it. After all, employees with long tenure are the most likely to commit fraud. But the survey also notes that the creating the 'perception of detection' can be a formidable deterrent. Essentially, that means you ensure employees know that someone is watching and any schemes to pilfer the goods will be quickly thwarted.
How can you do that? Here are some tips:
- Create a formal fraud policy. This is key to increasing the perception of detection. Train your employees on this policy so they know you're on the lookout for suspicious activity and you have controls in place to catch it.
- Send bank statements directly to your home. That way, the statements can't be falsified later. Also, this gives you the chance to compare financial statements against the budget and investigate anomalies.
- Check payroll reports. You might want to compare cancelled checks to invoices just to be sure nothing fishy is happening.
- Personally sign all checks. Signature stamps can easily be swiped and misused. If you must use a stamp, keep it locked away where only you can access it.
- Create policies for credit purchases. This should outline how purchases are made and reported and acceptable expenditures. Be sure accounts have strict spending limits.
For more tips on how to keep your sensitive data under close guard, read "5 Business Events that Should Trigger Password Changes."