The probability of fraud attempts against SME businesses continues to increase. This rise is linked to the worldwide integration of online systems into modern business infrastructure. These systems now form the backbone of most trading organisations, and the present-day fraud environment combines long-established fraud methods with easy, global accessibility, which has increased the opportunity for fraud.
Why is fraud on the increase?
A recent report found that, in the UK, 81.4% of organisations had experienced at least one cyber attack in 2021-2022, compared to 71.1% in the previous annual findings. Professional fraudsters are constantly and actively trying to identify opportunities to steal money from businesses. This includes identifying signs of weakness in a business’ systems and/or processes to exploit for personal gain. The transition in business practice over the last twenty years to using online systems coupled with unfettered global communication has presented a greater opportunity for fraudsters to attack businesses than at any prior point in history. Fraudsters may now act for organised crime gangs operating from foreign jurisdictions. Alternatively, they may still hide within communities, using local knowledge and connections to commit fraud.
When does fraud often occur?
Fraud attempts can be made in multiple ways. They often focus on utilising a company’s existing processes and manipulating them to their benefit. This can be done through the supply chain of goods, services, and people.
In an organised fraud, a rogue employee may infiltrate a business and sometimes end up in a position of trust. Once there, they seek responsibility for important business elements so that they can both access and impact financial approvals.
Working with external fraudsters, this employee may order a sub-par product or may agree orders for overpriced goods or services. In a worst-case scenario, they could also gain access to the company’s banking and finance systems. This could result in illicit payments being made. Maintaining effective accounting and banking practices can help to mitigate the risks of dubious payments leaving a company’s bank in the first place.
If a business does become exposed to fraud, it is usually difficult to recover the losses. Even if a criminal prosecution is successful, getting back any part of the stolen money could take several years. Consequently, a prevention strategy is the most effective way to protect your business from this type of criminal activity. Here are some basic suggestions which can help:
1. Keep your online systems up to date
Protect your business against internet-based fraud attempts by ensuring that all online systems are frequently updated and adequately protected – use professional help if required. As reliance on technology has grown, the number of cyber fraud attempts has grown exponentially, and fraud is becoming harder to prevent. A compulsory condition of cyber insurance is that all technology has up-to-date security and operating software to protect the cyber environment. This will help protect your business against ransomware attacks, which can render systems inoperable until the inevitable ransom demands are met, or the entire computer operating system is rebuilt.
2. Train your staff on the risks of fraud and how to identify it
In any organisation, all it takes to compromise the whole company is for one individual to click on a phishing link. Companies with higher revenue are more likely to be targets for fraudsters. Comprehensive fraud prevention training and education are therefore recommended for all staff. This training should include these three essential elements:
How to spot potential fraudulent emails
Teaching your staff how to spot a potentially fraudulent email is vital. Missing letters or other small irregularities in emails may imply that the person sending the email is not who they appear to be. Fraudsters often make minor spelling amendments, for example, using a “1” for an “l”, or a “0” for an “O”.
Increasingly, fraud attempts are becoming more sophisticated. Sometimes fraudsters may impersonate a company’s existing supplier, making it more difficult to identify the threat. The fraudulent supplier may contact the business using a slightly different email address or ask for payment with new banking details. You need to be conscious of checking details and be able to spot anomalies.
Check and check again
If you receive a suspicious email, you must be vigilant and check the details carefully before interacting further with the sender. Fraudsters, including those who engage in ransomware attacks, will try to make emails look as real as possible and as if they have been sent from an authentic email address.
Compare the details of your emails
When clicking through emails quickly, small mistakes can easily be missed. If you notice something that doesn’t look right, the best way to determine whether an email is authentic is to compare the details against existing information or check things via another communication channel. Never click on the suspect email, click on a link within it or open its attachments.
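The comparison against existing information described above, and the character swaps and missing letters from "How to spot potential fraudulent emails", can be automated for sender domains. This is an added example, not part of the original article; the supplier domains and sample addresses are constructed, and the function names are hypothetical.

```python
from email.utils import parseaddr

# Constructed sample data: domains of suppliers already on file (hypothetical).
KNOWN_SUPPLIER_DOMAINS = {"acme-supplies.co.uk", "northfield-logistics.com"}

# The character swaps named in the article: "1" for "l" and "0" for "O".
SWAPS = str.maketrans({"1": "l", "0": "o"})


def skeleton(domain: str) -> str:
    """Fold a domain to the form a hurried reader would perceive."""
    return domain.lower().translate(SWAPS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches missing, extra or changed letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_sender(from_header: str, max_edits: int = 2):
    """Return (verdict, matched_domain) for a From header.

    "trusted"   - domain is spelled exactly like a supplier on file. The
                  header can still be forged, so new bank details must be
                  confirmed through another channel regardless.
    "lookalike" - domain is not on file but resembles one that is: hold
                  the request and verify via a known contact.
    "unknown"   - no resemblance to any supplier on file.
    """
    address = parseaddr(from_header)[1]
    domain = address.rpartition("@")[2].lower()
    if domain in KNOWN_SUPPLIER_DOMAINS:
        return ("trusted", domain)
    for known in sorted(KNOWN_SUPPLIER_DOMAINS):
        if skeleton(domain) == skeleton(known):
            return ("lookalike", known)
        if edit_distance(domain, known) <= max_edits:
            return ("lookalike", known)
    return ("unknown", None)
```
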
3. Save vital documents to a secure offline environment
Nowadays, it is virtually impossible to conduct business without using online systems to operate core functions, including payroll and eCommerce. Our reliance on online systems has put key information at a greater risk. If the systems are compromised, e.g. when malware infiltrates a system, it is usually particularly challenging to reset or restore the systems to how they were previously. Although investing money into constructing a mirrored backup system can be effective, it is a costly addition and does not guarantee that the same fraud will not be repeated.
Resetting the systems to a point in time before the fraudulent attack also does not automatically solve the issue. Malware can attach itself to data without being noticed and remain in the system unless or until someone notices it and actively negates it. One approach to mitigate the risk of malware attacks is to save vital documents (for example, legal title documents, core banking information and customers’ and employees’ financial information) to an offline location so that fraudsters can’t steal or compromise them and they can be restored to a clean system – as long as the malware is not embedded in the saved files. Employing professional and specialist IT security advice may be necessary if it cannot be done in-house.
4. Follow your instincts
It is often difficult for a business owner to comprehend that an employee or long-term supplier would not only be disloyal but also undermine their business through fraud. Sometimes businesses wait months or even longer once fraud is suspected before seeking professional help. This leaves it too late to prevent large fraud losses and significantly decreases any prospect of recovering stolen funds. When suspicions of fraud arise, it is vital to act immediately, including obtaining external expert support and advice as necessary. Fraudsters will not stop until caught or interrupted, and matters will deteriorate quickly if left unchecked.
5. Develop preventative measures
Finally, remember that professional fraudsters target companies to benefit themselves – and they are good at what they do. They have little or no regard for the consequences that their actions will have on a business, or its employees. Develop preventative measures to provide some protection, such as keeping systems up to date and providing comprehensive training to staff. However, if the worst happens, and the business is exposed to fraud, having the knowledge of how to control and limit the damage and protect stakeholders’ interests is essential. Most companies should have a documented cyber response process too.
For more information or if you need assistance with a potential fraud issue, contact Gavin Cunningham, Partner and Head of Forensic Services at Menzies LLP.
Offering the full range of accountancy services, Menzies is headquartered in London (with a network of offices across Surrey, Hampshire and Cardiff), and has a global reach through the HLB network. Described as the ‘best performing firm outside of the top 10’ by Accountancy Magazine, Menzies has over 500 employees and an annual turnover of more than £50m. Menzies is a member of HLB International, a global advisory and accounting network.
An award-winning firm, Menzies was a 2022 finalist at the Tax Tolley Awards for ‘Best Business Tax Team’, ‘Best Employer in Tax’, ‘Best Specialist Tax Team’ (Innovation & R&D) and ‘Best Regional Tax Team’. The firm also won the title of ‘Corporate Restructuring & Insolvency Team of the Year’ at the Credit Awards 2022 for the second year in a row and was ranked 6th in the Accountancy Age Mid-tier Power Index 2022. Menzies won the ‘Diversity and Inclusion Award’ at the Tri Awards 2022.
Menzies offers a full range of services – tax (business & personal), corporate finance, audit & assurance, business recovery and forensic accounting, as well as strategic advisory, outsourced services, people solutions, wealth management and business valuations.