Fraud and embezzlement – two words business owners never want to hear.
With recent news coverage of hackers, you’d think that online attacks would represent the largest losses for companies. But that’s not the case. The largest losses usually come from internal attacks.
You want to trust that your people have your best interests at heart, and many of them do. But that level of trust can get companies in trouble. It’s just too easy for fraud and embezzlement to go undetected sometimes. Setting up controls to prevent it doesn’t mean you don’t trust people – it just protects you from the risks.
What can you do to help prevent these things from happening in your company?
A lot of it comes down to your processes and separation of duties. The same person who writes the checks shouldn’t reconcile the bank statements, for example. Or the person who creates system users shouldn’t be the one paying the bills. These old-school practices may not prevent fraud and embezzlement completely, but they can certainly make it harder for one person to do it without collusion.
In addition to tried-and-true processes, technology can help you detect fraud early, or even prevent certain things from happening in the first place.
Use Check Fraud Detection Tools
Almost all banks offer automated fraud detection tools, such as Positive Pay. With tools like these, you enter the check numbers and amounts in advance. If someone tries to deposit a fraudulent check, the system will decline it. Then, only the authorized approver can allow the transaction to go through. This controls the potential for check fraud. Most of the setup for this is done by your bank, but you may need your IT person’s help for the final steps. You also need a solid Internet connection and a secure network.
Review Your User List Monthly
One of the ways people hide their disingenuous activities is with fake user accounts. Sometimes, fake accounts mean that real checks are being written. It could be a fake vendor that’s been set up, or even a fake employee. The other risk is that someone inside or outside of your organization could have access to your network under a disguise.
Review your user list, or Active Directory list, monthly. Verify that the accounts you see are legitimate. It’s also best if more than one person reviews it. Ideally, it’s not the person who writes the checks for the company.
Also, make sure that your users are set up into groups based on their role so they only have access to what they need. For example, an administrative assistant probably doesn’t need access to company financials.
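One way to run the monthly review described above, as an added example that is not part of the original article: the script compares an exported user list against an HR roster and last month's approved list, and flags accounts and group memberships for the reviewers to verify. The CSV columns, account names and role-to-group mapping are constructed assumptions.

```python
import csv
import io

# Constructed sample data: a directory export and an HR roster (not real accounts).
DIRECTORY_EXPORT = """account,enabled,groups
jsmith,true,Staff;Finance
mlee,true,Staff
kpatel,true,Staff;Finance
vendor_ap2,true,Finance
tbrown,false,Staff
"""
HR_ROSTER = """account,role
jsmith,accounting
mlee,admin_assistant
kpatel,admin_assistant
tbrown,sales
"""
# Accounts that the reviewers signed off on last month (constructed).
APPROVED_LAST_MONTH = {"jsmith", "mlee", "tbrown"}
# Assumed mapping of each role to the groups that role needs.
ROLE_GROUPS = {
    "accounting": {"Staff", "Finance"},
    "admin_assistant": {"Staff"},
    "sales": {"Staff"},
}

def review_accounts(directory_csv, roster_csv, approved, role_groups):
    """Return sorted (account, reason) findings for the reviewers to verify."""
    roster = {r["account"]: r["role"] for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(directory_csv)):
        account = row["account"]
        if row["enabled"].strip().lower() != "true":
            continue  # disabled accounts cannot log in; skip them here
        groups = {g for g in row["groups"].split(";") if g}
        if account not in approved:
            findings.append((account, "new since last review"))
        if account not in roster:
            findings.append((account, "no matching employee on HR roster"))
            continue  # no role to compare group membership against
        extra = groups - role_groups.get(roster[account], set())
        for group in sorted(extra):
            findings.append((account, f"group '{group}' not needed for role {roster[account]}"))
    return sorted(findings)

if __name__ == "__main__":
    for account, reason in review_accounts(
            DIRECTORY_EXPORT, HR_ROSTER, APPROVED_LAST_MONTH, ROLE_GROUPS):
        print(f"{account}: {reason}")
```

Each finding is a prompt for a person to verify, ideally someone other than the person who writes the checks.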
Limit or Disable Data Exporting
Many times, a company’s CRM or ERP system is the lifeblood of the organization. It houses all the data that makes the company run. That being said, it shouldn’t be easy for employees to download or move large blocks of company data from these systems, or any system.
There’s no way to prevent employees from taking some data and using it for their own purposes if they want to. Everyone has a printer nearby or a camera on their phone. If they really want it, they’ll get it. But it shouldn’t be as easy as downloading an Excel file of your customer list with the click of a button.
Review Internet Usage
Take a high-level look at your employees’ Internet usage. This could give you a heads-up that something is amiss. If you see that someone in accounting or sales, for example, has been regularly accessing a cloud file storage service, like Dropbox, it could be an indicator that files are moving outside of your organization. In many cases, this is just an employee moving files they’ll need from the road. Or it could even be them accepting files that have been shared with them by customers. But sometimes, it’s an employee moving files offsite to use for other purposes. It could be a red flag for a larger problem.
Of course, there’s no way to completely prevent fraud and embezzlement. As the saying goes, “where there’s a will, there’s a way.” But companies have many technology controls at their fingertips. Use them to make it more difficult for someone to get away with it. Talk to your IT support team about limiting the risks of internal and external threats.
As seen in the April 9th issue of The Press-Enterprise