Recent figures indicate that as many as 44 percent of small businesses in the UK have been targeted by fraudsters with one in four businesses falling victim to fraud. A massive £18.9 billion is the estimated loss to UK SMEs. The reality is that fraud is a serious problem for small businesses who are more susceptible to fraudsters than larger corporations.
Research by Barclays suggests that fraud has resulted in over 50,000 job losses in British SMEs, and that the average cost of fraud to a business is almost £35,000. This is a staggering figure for a small business to weather (in two-thirds of cases, the businesses have to cover the fraud costs themselves).
Scams are particularly problematic for young SME owners who are, according to research, more susceptible to fraud.
Many SME leaders are unaware of the risks of fraud and the extent of the impact fraudulent activity can have on their business. Clearly, fraud prevention strategies are a necessity for SMES. Here I’ll be looking at the main types of fraud and things SMEs should be doing to mitigate the risk of being duped.
The main types of fraud
Fraud is a major challenge to SMEs, and can have serious consequences. There is a common misconception held by small business owners that ‘it won’t happen to me.’ But the figures tell a different story. New businesses are most susceptible.
There are many types of fraud a small business can be exposed to, such as cheque forgery, product theft, cash theft, expenses theft, compensation fraud, embezzlement, employees buying personal goods with company funds, fake suppliers, ghost employees, trade and business secret theft, bribery, overbilling and so on.
The main types of fraud SMEs should look out for are:
- CEO fraud – when hackers send a fraudulent email, pretending to be the CEO, to a member of staff requesting a bank transfer.
- Fake invoicing – committed by an employee, contractor, supplier or external fraudster who submit false, inflated or duplicate invoices with the intent to defraud.
- Mandate fraud – when a fraudster tricks you into changing a direct debit, standing order or bank transfer payment from an organisation or person you make regular payments to.
- Cyber fraud – when a criminal uses malicious software to send phishing emails. SMEs are just as much at risk of cyber attacks as larger businesses.
Fraud prevention strategies for SMEs
Preventing fraud can seem like an impossible task, but there are many steps a small business can take to protect itself. Knowing when to seek help is also important to mitigate any further loss. If you suspect fraud, especially from within the business, it is advisable to seek the help of a specialist forensic accountant. See more information about forensic accounting here.
Here are some of the things SMEs should be doing to mitigate the risk of fraud.
Understand the threats
Being vigilant and understanding where the threats of fraudulent activity are likely to come from is the most important thing a business can do to protect itself from fraud. According to former police officer and the founder of online security company, Business Fraud Prevention Partnership, Edward Whittingham, one of the biggest threats to SMEs are phishing emails, where hackers pose as trustworthy entities.
Cyber criminals use malicious software to compromise business, which are typically delivered as phishing emails. Training employees to remain vigilant is essential. Neil Walsh, head of Global Cyber Crime for the United Nations, says “employees must be educated as they are typically the route in for criminals to expose a host of issues for businesses.” The average cost of a cyber-attack to SMEs is £25,736.
Know your employees
While all business owners endeavour to hire honest employees, rigorous hiring routines often fall by the wayside. In fact, a formal hiring routine, including background checks for staff who will be handling cash or interacting with the business’s finances is essential for fraud prevention.
Employee fraudsters are usually those you would least expect and it can be devastating for employers to learn that one of their trusted employees has committed an act of fraud. But, according to a fraud prevention guide by Xero, employees are the main culprits of fraud in small businesses.
In most cases, employee fraud happens because the opportunity presented itself and can be more of a temptation to employees who are experiencing financial difficulties.
Look out for abuse of flexible working and false overtime claims, false expense claims, misuse of the company credit card, theft of company assets, bogus payments, authorisation of payments to oneself, theft of cash, and false accounting to cover up theft, as well as collusion with suppliers to falsify invoices.
Segregate accounting duties
It’s common in small businesses to have one person looking after all of the bookkeeping functions, including managing petty cash, paying invoices and managing payments received from customers. This isn’t a good idea. When one person is responsible for the incoming and outgoing payments and invoices, as well as the record keeping, it makes it easy for that person to commit fraud without it being noticed.
Ideally have at least two people handling the accounts, with checks and balances in place to mitigate the risk of fraud. The handling of cash should be kept completely separate to the accounting function. See more information on improving internal accounting controls here.
Keep tabs on your suppliers
Knowing your suppliers is crucial to your business. Fake invoice fraud is rife. UK SMEs are losing over £9 billion a year through invoice fraud every year. Be vigilant about overcharging, duplicate invoices and employee collusion with a supplier. It’s a good idea to regularly review the financial health of your suppliers.
Unethical suppliers will often try to get paid twice for the same job by issuing two invoices. Look out for fraudsters posing as a supplier and asking you to change the bank details for future payments. Validate new suppliers and double check all requests to change bank details.
Be vigilant and don’t wait until it is too late.