Key controls for preventing fraud and protecting data in your business

For every security improvement brought about by digitalisation – the phasing out of cash, for example – various new forms of thievery evolve, such as data hijacking and phishing. Image: Pixelbay

Published May 16, 2024

By Karen Lumakis

Digital systems may be becoming ever faster and more efficient but not any safer, it seems. For every security improvement brought about by digitalisation – the phasing out of cash, for example – various new forms of thievery evolve, such as data hijacking and phishing.

It could, in fact, be argued that modern businesses need more control systems than ever before to safeguard not only their money and stock but their data as well.

There are six key controls that any owner-managed business must have in place to prevent fraud and the theft of their data.

Back up your systems: Even if all your business’s data is stored in the cloud, it is not immune to ransomware, hacking or accidental deletion. Invest in a back-up system through which you can quickly restore any data lost.

Change your passwords regularly: The weakest points in any business system are usually the people who work in it. They may not even be out to steal but could easily fall prey to password thieves. Set up a system that will ensure that all the people who work in your business regularly change their passwords, as well as the passwords of your key sites such as your online banking, accounting or social media accounts.

Limit your employees’ access: It is tempting for a busy business owner to simply give every employee full access to the system, because then you don’t have to bother with things like the occasionally needed one-off access codes. But the more people who have access, the higher the risk. The office intern does not need full access to your accounting system, for example. Think carefully about who gets access to which part of the system and make a strict rule against the sharing of access codes.

Conduct background checks on prospective employees: A phone call to a previous employer or two is not enough to ensure that you don’t let bad apples into your business. Get any applicant’s express permission to do a check on whether they have a criminal record.

If you are interviewing candidates for a finance-related job, check their credit record. You don’t want to give someone who is under severe financial strain at home access to your banking system. And remember to validate the qualifications on the candidates’ CVs. All reputable training and education institutions have validation systems in place.

Separate the duties in all your processes: Set up your business systems in such a way that no one person has full control over a system from start to finish. If you separate the steps in a process and give each step to a different employee, they are able to check one another’s work and pick up mischief or mistakes. A worker receiving cash, for example, should not be responsible for the reconciliation of the orders, and the person creating the invoices should not be the one responsible for chasing them up.

Curate your supplier list: Beware of supplier invoices that have fake banking details. Maintain a list of vetted suppliers and their verified banking details and run every invoice past the list before any payments are made.

What if you suspect fraud in your business?

Getting rid of suspected spyware on your IT system is pretty straightforward, though it might be expensive. Hire a reputable IT specialist to clean your network and set up firewalls against hackers.

But dealing with possibly fraudulent employees is sensitive. A wrong accusation of fraud can do serious damage to an employee’s reputation and can devastate morale.

One way of solving the dilemma is to hire an accountant, preferably one with an auditing background, to investigate a certain system or division of your business. It can be presented as a routine exercise, or one aimed at improving the system. Indeed, one of the outcomes of such an exercise may well be a set of recommendations to improve the efficiency and safety of your systems.

Karen Lumakis is Business Partners Limited’s chief risk officer.

BUSINESS REPORT