According to the Association of Certified Fraud Examiners reports, U.S. businesses will lose an average of 5% of their gross revenues to fraud.

As fraud schemes become increasingly intricate, any company, regardless of size or industry, can fall victim. To combat the ever-evolving list of scams, here are six of the most valuable tactics to help safeguard your business, and hopefully, your bottom line.

Educate Your Team on Red Flags

Your employees are often the first and last line of defense. So, it’s imperative to educate your team on what red flags typically look like and how to navigate potential threats. Some of the most common fraud schemes include wire fraud, payroll scams, check tampering, inventory theft, billing scams, and phishing emails aiming to collect personal and financial information or redirect funds. By illuminating the most common flags seen, you might be able to prevent disaster. Here’s what to look for: 

• Unsolicited text messages, emails, or phone calls requesting sensitive information. For instance, they might pose as your company’s bank or another official organization/government agency.  
• Emails or text messages with suspicious links or attachments
• Scammers asking you to divulge personal information or banking usernames and passwords with a looming threat (i.e., hacked account) to gain access
• Unusual payment methods (i.e., payment apps, payments via gift cards, etc.)

Though the threat may feel real, it’s best to cut off communication immediately or contact the entity that got you through a publicly listed phone number to validate the request. 

Set Up Dual Control

Fraudsters are becoming increasingly sophisticated, and one growing tactic used is called business email compromises (BEC), where criminals pose as vendors, suppliers, business partners, or senior leaders and ask for payment via credit card, wire, or ACH. In most instances, the request will come from a valid email address (known as a spoofed email), or it could be an email takeover, where the criminal gains access to their inbox. Either way, these emails are often consistent with prior communication and ask that you keep the payment confidential or reply once you’ve sent it. 

With BECs, fraudsters are taking advantage of a few things: 

• Executive requests aren’t usually questioned
• Executives are often unavailable to verify requests 
• Urgent money movement requests won’t follow standard procedures

Often, companies don’t have a policy to call and verbally verify the information. In addition to educating teams on what red flags to look for, having multiple people approve payments, including the amount, wire, or ACH details, to verify the transaction’s legitimacy is best.

Invest in Reliable Malware Protection 

Since eCommerce retailers deal with an average of 206,000 web attacks monthly, investing in reliable malicious software protection is critical to preventing commercial fraud. Since malware is designed to infiltrate and damage a computer system without the owner’s knowledge, it can happen right in front of you. Investing in software can help alleviate the stress and future costs of cyber-attacks for your business. 

Create Secure Entries

For companies operating out of brick-and-mortar locations, whether a small business storefront or corporate warehouse, creating a secure entry helps prevent your business from any physical theft, security breach, or identity fraud. Though technology, like key-card systems, can get expensive, it provides detailed logs of anyone entering or exiting your building. In addition, access can be limited or granted to specific employees to ensure sensitive areas like file rooms or IT servers are restricted.  

Require Background Checks 

While hiring can be challenging, ensuring you appropriately onboard people is essential. Since resumes or references can be easily manipulated, conducting thorough background checks provides reliable insight to help narrow down your list of potential hires. Remember, as a business owner, you must legally disclose and obtain permission before running the check. 

Draft a Cyber Incident Response Plan 

And if all preparation fails, setting up an incident response plan will help get your business back up and running in the event of a cyberattack. Several large companies like IBM, Microsoft, and Cisco have incident response solutions to unify their organization in case of an attack. Typically, these plans include an escalation path, proactive communication, and a straightforward course of action. If resources allow, assign a qualified security expert to your team to monitor potential security risks and act as a reliable source for your employees. 

While there’s no whistle-stop solution to dodging fraud, any preparedness will help create a secure and confident workplace, and, as a result, a steadfast experience for your customers.  

“This page may contain links to external websites. These links are displayed for your convenience. FirstBank does not manage these sites and assumes no responsibility for the content, links, privacy policy, or security policy.”