We are all well aware of how fraud and identity theft can harm our personal lives. But construction business owners should also be aware of how fraud can hurt their businesses and what steps they should take to protect their companies from fraud.
RBS Citizens Financial Group, Inc., a Providence, R.I.-based commercial bank holding company, is working to educate business owners and make them aware of areas of vulnerability. “During and just after the holidays is when many fraud schemes pick up, as more people feel stretched with greater year-end expenses,” says James Gifas, head of RBS Citizens Treasury Solutions. “As we look ahead into 2013, companies may have blind spots they may not be considering when trying to protect themselves, particularly when it comes to employee fraud."
The following is Gifas' list of 10 common security gaps – or fraud blind spots - business owners should address to protect their companies in 2013 and the future.
1. Are you using weak passwords? “Hackers have more processing power to crack passwords than ever before, and can relatively quickly test all words in the dictionary to see if the right one comes up. Use instead a more complicated combination of letters, numbers, and symbols that aren’t easily searchable.”
2. Do employees keep passwords “hidden” in their top desk drawer? “The strongest password in the world won’t protect your account if a perpetrator can read it from a slip of paper in your office. Keep passwords behind lock and key, just as you would cash.”
3. Are you training your employees against social engineering? “Many fraudsters find it easier to trick a person into revealing account credentials than to hack into a computer. Training your employees to not provide any user name or password information over the phone or email – even if the source seems legitimate and unless and until the source is independently verified – is a vital measure of protection.
4. Do you lock your computer when you step away from your desk? “As we all know, a minute away from our desk can sometimes turn into much longer, as meetings pop up and we get stuck taking care of a crisis. Again, just as you wouldn’t leave cash lying around on your desk, always lock your computer as well. Also, software such as Trusteer Rapport provides additional high-tech protection against infiltrators who try to break into your computer electronically.”
5. How well do you know your vendors and business partners? “While you may somewhat confidently share wire instructions with long-time vendors or business partners, it is wise to conduct some due diligence around new vendors or other payees. Using the Positive Pay services for checks and ACH and Payee Positive Pay for check disbursement accounts adds in an extra layer of protection.”
6. Do you conduct surprise audits? “The American Bankers Association reports that 60 percent of all fraud incidents within a business involve employees. Surprise audits are a good way to detect and deter occupational fraud schemes so that funds can’t be manipulated ahead of the audit.”
7. Does your company enforce vacation policies? “Similarly, making sure that there are periods of time in which employees are away from their desks and have their records available for oversight has been supported by financial regulators like the SEC for years, but all companies can benefit from this policy. A one- or two-week window can provide the additional transparency needed to expose internal fraud.”
8. Are dual approvals required for your payments? “Implementing banking processes that require dual approvals for activities such as payments and wire transfers is an easy way to minimize certain fraud risks. Companies can also require additional approvals before a new vendor is added to a payment system, as well as use debit blocks and alerts to reduce the risk of unauthorized payments.”
9. Is there open access to company checkbooks? “In 2012, 85 percent of organizations experienced actual or attempted check fraud, according to the Association for Financial Professionals’ latest fraud survey. Having company checkbooks out in the open leaves your bank account information visible and increases the risk of check theft. Always lock up any checkbooks.”
10. Does your company have on-site collections? “Outsourcing collections mitigates the risks that emerge when receivables checks are lying around the office.”
Gifas offers one last piece of advice: “Walking employees through scenarios and conducting training around fraud threats can help to minimize the headaches and real financial losses that happen when fraud occurs.”