As new technology continues to change people’s daily lives it is also opening up new and easier ways to manage your money and the way that you interact with your bank.
While there are a number of benefits to this, it’s essential that proper controls and guidelines are put in-place so that small businesses can take precautions and protect themselves from fraud or any potential vulnerabilities. In the UK, over 40% of businesses have experienced fraud attempts. Your vigilance is your best defence - ‘think before you click’. Knowing what to look for, we can all make a very real difference to help prevent fraudsters from succeeding.
Computers, online banking, electronic payments and email are central to a business managing its finances.
Phishing relates to scam emails which appear to be from your bank and often request confidential information marked urgent, contain links to an unusual website, or have a form of malicious software such as viruses embedded within them. Be cautious about opening any unsolicited emails and don’t click on any links or attachments. Your bank will never email you a link or an attachment which takes you straight to a login page.
Your bank will never email you asking for your full password, PIN or reader codes, or ask you to transfer money to a ‘safe’ account.. If you receive such an email purportedly from your bank and you’re unsure about it, do not open it. Instead, see if your bank offers a safe email address that you can attach the suspicious email to, for internal review, then delete it.
If your PC is not protected, fraudsters can access your online data by downloading malware (malicious software). Some indicators that you may have malware include : unusual pop-ups or messages, a ‘please wait’ message, slow running, unusual home page, no https:// or padlock, programme crashes. Make sure your computer is protected with security software which is regularly updated.
For online banking, check the beneficiary account details of every payment you make, even if these are regular payments.
Have different colleagues to set-up and approve payments and, if possible, reduce the number of workstations used for your banking, whilst ensuring that you have logged-out fully when you have finished your online banking.
If you see any unexpected screens or pop-ups, log out and call your bank immediately to flag this and see if it is legitimate or not, and contact your IT provider.
Vishing relates to telephone calls purportedly from your bank, or the police, seeking to obtain confidential information. Fraudsters can manipulate the caller ID so that the number displayed appears to be that of a legitimate organisation. The fraudster may ask you to call back on the number displayed, or another trusted number, but they keep your phone line open by not putting down the receiver at their end. The result is that when you call back to what you believe to be a safe number, you are still speaking to the fraudster.
If you are in any doubt that you are speaking to your bank, stop the call and contact your bank from a different telephone line using a known, safe number. If a separate line is not available, call a friend or external colleague first to ensure the line is clear.
Remember, your bank will never call you asking for log-in or other sensitive information, or to ask you to transfer money to a ‘safe’ account
Using cheques remains commonplace, so ensure you cross through spaces after the payee and amount. Always use a black or blue ballpoint pen, and apply more pressure than normal.
Businesses with the ability to make BACS payments are well-placed to remove the chequebook altogether, and your bank can explain how to utilise BACS to replace cheques.
If you receive a change of bank details notification from a supplier, even if attached to an invoice, please speak to your contact at that firm for confirmation. Use a publically available telephone number rather than the one contained within the invoice for added security.
You may also want to consider who has the ability to amend supplier bank details internally and reduce this to the administrators only.
Cash remains common for many businesses and because it could be used for many different transactions, the opportunity for fraud or theft remains high.
Moving to a cashless system may appear onerous, but can be achievable. Not only will this reduce fraudulent activity, but also the time consuming task of reconciling an almost constant flow of cash and cheques.
It is a sad fact that fraud does happen and all types of business will remain targets. You should speak to your regular contacts such as your auditors, solicitors and your bank on a frequent basis to build an understanding of how risks can be managed effectively.
If we remain vigilant, we can all make a very real difference.