A small business is just as vulnerable to cybercrime and fraud as any of its larger peers. In fact, research from from the Federation of Small Businesses (FSB) reveals that smaller businesses in the UK fall prey to seven million cybercrimes every year. That amounts to 19,000 attacks a day, with each incident costing the victim precious money and time. On average, cybercrime costs small businesses £3,000 in damages, and over two days in downtime.
And still, many small businesses don’t believe they are truly at risk. It’s an understandable misconception; the stories that make the headlines typically involve much larger companies. And businesses – of all sizes – prefer to keep any security breaches as under wraps as possible to avoid reputational damage.
However, to combat the very real risks of hacks, data theft and invoice fraud, business decision-makers need to stay alert, boost their security measures and importantly, share their knowledge and experiences. Operating your business under a false sense of security will simply leave you open to fraudsters, unprepared for their arrival and at risk.
Watch out for invoice fraud
Purchase order (PO) and invoice approval processes are easy to hack. Unethical suppliers simply submit two invoices for the same PO – each with a different invoice number – two or so weeks apart. Given the number of invoices that pile up for approval, it’s very easy for the person approving payments to just process both accidentally and pay the supplier twice. The supplier is in the clear even if the double payment is picked up; all they have to do is apologise for their administrative ‘mistake’.
Another way criminals perpetrate fraud is through impersonation. Fraudsters email your business pretending to be one of your suppliers and notify you of a change in their bank details. If you update their banking details on your system without first checking if the request is legitimate, you will redirect all payments to the perpetrator – until your real supplier queries where their money is.
Greater vigilance can help guard against both of those examples. Unfortunately, too many small businesses are either unware of these threats – or chose to ignore them until it’s too late. Bear in mind that if updating your security processes feels like too much of an expense for your business now, an actual breach will cost you much more in the long-run.
Invest in protection
As crucial as 24/7 vigilance is, it does add more admin to your already packed workload. Small businesses don’t have the luxury of unlimited resources: one person will typically perform multiple roles. In such a high-pressured, juggling-many-balls-at-once environment, mistakes are likely to occur from time to time. Thus, relying on manual processes to protect your business is not the most solid method of deterring risk.
The use of purchase automation applications can make a big difference in a small business owner’s life. They’re designed to automate manual administration and block threats like supplier fraud before they occur – enabling you to keep a more watchful eye on other areas of your business.
Of course, a new system will take some resources to implement and manage. But the overall expense will amount to far less than the cost of paying double invoices for a prolonged period of time. It’s worth choosing an authorisation process that includes a verification feature. This way, any new supplier is validated before signing on – and any supplier request to update payment information is verified first.
Share the load
There is a growing awareness of how pervasive and real the threat of financial fraud is for small and micro businesses. It’s not quite where it needs to be yet – especially in the small business sector – but more and more victims of fraud and hack attacks are sharing their experiences. This is a crucial step forward in helping each other learn not only how real the risk is, but how to block it.
Ultimately, the responsibility for fighting fraud includes everyone involved in your business – from employees, to suppliers and clients. Communication and collaboration is key. The more small business owners can educate themselves, join relevant communities and improve their security measures, the better they can fight the risk of financial fraud.
Neil Robertson is CEO of Compleat Software. A 39-year veteran of the financial software marketplace, Neil has a long track record of building disruptive start-ups into successful businesses, including his time as CEO EMEA of Great Plains where he built the business outside of the USA from 1995 – 2001. Invoice management software specialist Compleat is no exception and perhaps the most disruptive of them all.