by Ernie Rossi, Audit Partner at Sensiba San Filippo
Fraud and identity theft are constant concerns for both individuals and businesses. Hackers and thieves use various types of schemes to con millions of people and businesses each year.
Here are some practical tips to help keep business owners and individuals alert, prepared and guarded against fraud:
Fraud prevention for business.
1. Create a positive work environment.
Employees can be one of the most overlooked sources of business fraud. It may sound simple, but creating a positive work environment can help boost morale and prevent disgruntled employees down the road.
2. Create a code of conduct and fraud policy.
The company should have clear boundaries and policies in place, such as a Code of Conduct and Fraud Policy. The policies should be revisited and updated periodically to keep up with advancing technologies.
3. Conflict of interest policies.
Requesting that your employees disclose any conflict of interest with clients or vendors can help keep you protected and aware of potential collusion.
4. BYOD security.
With current technology, employees can access the company network from various devices (iPads, smartphones, laptops, watches). Bring your own device (BYOD) security, like encryption software policies, is critical for ensuring that controls are in place to keep those devices secure and the network safe.
5. Protect credit cards and bank accounts.
If you’re a small business owner, make sure that your credit cards and bank accounts are properly separated for personal use and business use to prevent misappropriation of assets.
6. Hire the right people.
If an employee steals or commits fraud, it’s likely not their first time. Implementing background checks as part of your hiring process is a helpful way of preventing serial fraudsters from joining your workforce.
7. Monitor internet usage.
Have your IT department install firewalls on all employee computers, including laptops for remote access. Also, monitoring internet usage and downloads is critical for protecting against outside hackers.
8. Direct deposit.
Utilizing direct deposit for payroll is an easy way of ensuring the correct dollar amounts go directly into the correct employee’s bank account.
9. Look out for odd behavior.
Look out for things like pricy new purchases outside of employee pay grades, or never taking vacation or sick days. While not always an issue, these are common signs that something may be wrong.
10. Vendor verification.
Implement vendor verification and background procedures to help ensure that you’re paying valid business expenses.
11. Proper supervision.
Having proper management and a clear chain of command may help prevent fraud and corruption from within the company. Additionally, different and distinct levels of management will give employees someone else to turn to if they suspect fraud is occurring with their manager.
12. Create an anonymous reporting system.
There should be an easy and confidential way for employees to report any questionable behaviors. The easier and more confidential the process is, the more likely employees will report fraudulent activities.
13. Oversight of company finances.
CEOs should know where and how the company’s finances are distributed. Have as few bank accounts as possible, be extra cautious if your organization has multiple bank accounts, and know the business flow of each account. Monitor accounts frequently to stay on top of sudden changes or discrepancies.
14. Effective response to fraud allegations.
There should be a clearly documented policy for how fraudulent activities will be investigated and resolved. Any fraud allegations should be handled swiftly and professionally so as to avoid further escalation and frustration.
15. Hire experts.
Hiring experts to help you establish policies and procedures can enhance effectiveness. Professionals can also provide internal control recommendations, internal control audits and forensic analysis to help detect and prevent fraud.
16. Audit trails.
Having procedures that create a clear audit trail will help provide proof of where documents and processes went astray. This will also help keep employees accountable for their work.
17. Make unannounced internal audits.
Having periodic checks of your procedures and documentation will help detect errors and may deter potential fraud. It is also a good way to let others know that you are monitoring procedures for compliance.
18. Individual passwords and IDs for employees.
Employees should all have individual passwords and IDs to protect key data. Passwords should have strong criteria, change periodically, and computers should have an automatic “time out” function enabled.
19. Limit access to key data.
Having different levels of user access will help you limit and monitor what information employees have access to in your system. Be sure that only high-level employees have access to sensitive data.
20. Segregation of duties.
Separation of powers is important in all departments. Ensure that the person reconciling the bank accounts is different than the check signer, and be sure the person preparing daily bank deposits is different than the person posting customer payments to the accounting system.
Fraud protection for individuals.
1. Be protective.
Be cautious when asked to provide your home address, Social Security Number, passport information, etc. Consider who is asking and determine whether they are authorized to have this information.
2. Have your bills sent electronically.
Paper bills are an easy target for thieves. Have your bills paid electronically (with trusted webpages) to avoid risk of theft in the mail or in transit. Online portals will also help you monitor and verify payments.
3. Beware of scare tactics.
The IRS will never call you to threaten a lawsuit or demand immediate payment. Hackers posing as “authoritative” figures and using scare tactics are often the most successful. Be cautious and verify the identity of anyone who requests personal information.
4. Shred unnecessary documents.
Shred any documents that have your personal information on them. Many people receive mail or receipts that contain personal information like their Social Security number and home address. If you don’t need them for taxes or documentation, it’s best to make that information indecipherable.
5. Secure your mailbox.
A lock on your mailbox will help keep your mail safe and secure.
6. Erase data.
Before you dispose of your computer or smartphone, be sure to delete all the personal information it contains.
7. Create strong passwords to protect your information.
It’s important to create strong passwords that are not easily guessed. Robust passwords that contain both letters and numbers, or even symbols, are difficult for thieves to figure out. Change passwords periodically and have different passwords set up for your most important accounts.
8. Keep your browser secure.
Install encryption software to protect your online transactions. Be aware of the “lock” icon on the status bar of your internet browser to ensure you are on safe websites.
9. Know the trends.
Scams will often come in waves and trends, especially during tax season. Every tax season the IRS will publish a list of the year’s “Dirty Dozen” tax scams to look out for. Reading these common scams will help you stay alert and learn from others.
10. Be careful with unsecured Wi-Fi.
Avoid banking or making online purchases when you are utilizing an unsecured Wi-Fi connection. Hackers have become increasingly adept at intercepting unsecured Wi-Fi communications.
11. Check your credit history regularly.
Always check your credit history to make sure that everything is accurate and legitimate. Look out for sudden drops that might alert you to fraudulent activity. Each of the credit bureaus allows you to check your credit for free once a year.
12. Carry a light wallet.
Be cautious about the amount of information you carry in your wallet (multiple credit cards, IDs, etc.). Carry the minimum to avoid losing a large amount of information in one strike.
13. Do not over-share on social media.
Be cautious of the information you share online. If you post too much information about yourself on social media, a skilled hacker could start to gather personal information useful for guessing passwords and security questions.
14. Secure your credit and debit cards.
Ask your banks about credit and debit cards with your photo on the front. Instead of signing the back of your card, print “verify with photo ID” to minimize further risk.
15. Lock up your computer.
Have passwords installed on your personal computers and make sure they go into “sleep” mode after a set amount of time. If your laptop is stolen, it will be much more difficult for a thief to gain access to your personal information.
16. Check privacy settings.
Check the privacy settings on your browser and social media accounts regularly to stay up-to-date on new or changed settings that you may not be aware of.
17. Make copies of your personal documents.
Keep copies of all of your important documentation (ID, passport, Social Security card, etc.) in a safe place. A safe deposit box or a well-hidden home safe can provide the ideal protection.
18. Don’t trust suspicious branding.
It’s relatively easy for imposters to pose as trusted brands and websites. While the branding may look similar, be suspicious if something looks “off” or a company suddenly starts requesting information out of the ordinary.
19. Hide your passwords.
Avoid using websites that auto-populate your passwords for you — especially on your banking sites. Also avoid having an obviously labeled “Passwords” folder on your desktop. Hide your passwords somewhere inconspicuous and hard to locate.
20. Respond promptly.
If you suspect identity theft, immediately contact your financial institutions to report unauthorized charges. You can also freeze your bank accounts to prevent further loss while you investigate the details.
Ernie Rossi is an Audit Partner at Sensiba San Filippo. He works with many small to mid-size businesses to implement policies aimed at preventing internal fraud. He can be reached at firstname.lastname@example.org or at 650.358.9000.