Email  Print 

more best practices articles

• Cost Cutters: Fighting Fuel Costs
• Quick Tips: Making Up With Clients
• Hit the Highway
• Starting Up: Choosing a Bank
• Surviving a Seasonal Business

Updated on July 6, 2007.

BIG OR SMALL, ANY business is at risk for fraud: From shifty employees to unscrupulous customers to faceless hackers. Learning how to safeguard your company is essential.

But for small-business owners, preventing fraud can be especially tricky because of limited time and money. Often, a harried business owner will skip steps that could have prevented the theft of trade secrets or credit-card information or merchandise. So the experts advise: no shortcuts. Identify risks ahead of time, and take measures to protect your company.

"It's like the business equivalent of flossing," says Peter Horan, chief executive of AllBusiness.com, an online guide for running small businesses. "You don't have to like it — you just have to do it."

Here's a checklist of the top trouble areas, with tips on how to protect your business:

Dishonest Employees

That trusted, seemingly dedicated worker may be your worst nightmare. "It's a problem that a lot of small businesses face and just aren't aware could be a possibility," says Janet Attard, owner of small-business site BusinessKnowHow.com. In a 2006 study, the Association of Certified Fraud Examiners found that small businesses with less than 100 employees were more prone than larger organizations to internal theft, with a median loss of $190,000 per incident. Often, weak internal controls were to blame, the study found.

The first line of defense, experts say, is the hiring process. Employees should use an up-to-date, modern application (check with an industry trade group to obtain a sample form) and the information should be verified through a criminal or background check. Don't forget to thoroughly check partners' backgrounds — not just the staff's. An employer should be on the lookout for red flags: Workers who spend beyond their means or refuse to take legitimate perks. When employees get caught up in an embezzling scheme, they often don't want to take vacation or promotions so they can continue the ongoing fraud.

A small business should have a code of conduct in place and use an auditor to detect any misuse of funds. A business owner who relies on others to manage accounts should consider using an online ledger with "view-only" access to limit the threat of embezzlement. Lastly, when a worker is terminated under any circumstance, don't forget to cut off their access to company systems.

For more on hiring top-notch employees, click here.

Shady Customers

Getting a big order from a new customer is cause for celebration — and trepidation. To mitigate fraud losses, consider using an outside agency to perform a credit check and to verify a new client's information, such as a business or "doing business as" name, address, business tax identification number, and phone number. Small-business owners may fret about the delay that causes in today's competitive marketplace, but the extra legwork is worth it.

With identity theft rampant, a small-business owner who sells products via the web must be especially vigilant about individuals using stolen or fraudulent credit-card information. Keep in mind that online merchants generally have to bear the cost of scams. One way to authenticate a client's credit-card number is to first run a $2 charge, explaining you will reimburse the $2 when you run the final charge, advises Norris Beren, executive director of the Emergency Preparedness Educational Institute in Chicago. Give the $2 charge time to clear (that can take several days). That extra time offers some cushion for the vendor: Stolen credit cards are often reported within days of the theft, so if it's a stolen credit card, the real owner has hopefully alerted the issuer by the time the charge would have gone through.

"You always want to verify that, in fact, the credit card that you're taking online belongs to the person," says Beren, "before you make this big charge that might end up in cyberspace."

Unsafe Workplace

Don't make it easy for a thief or burglar to get access to sensitive information. Keep important business records at an off-site location. Consider using a third-party computer data storage facility with round-the-clock security to store critical information, such as accounting and employee data, customer lists and production formulas. 

Internet Attacks

Any business using the Internet is exposed to viruses, worms and other attacks, which have grown increasingly sophisticated and often originate in Asia or Eastern Europe.

Where to start? Focus on the company's most critical technology — such as a web order processing system — and take steps to protect that particular system. Consider a number of safeguards, not just one. "There's no silver bullet that covers everything, so you need to think about multiple solutions," says Glenn Brewer, vice president of engineering at Mazu Networks, a Cambridge, Mass.-based network-security company.

At a minimum be sure to use firewall and antivirus software, both of which have become affordable for most small businesses. An in-depth (and more expensive) plan would include an intrusion-prevention system, which can detect an attack and prevent it from being successful. Small-business owners might want to ask their web-hosting company about ways to protect their systems.

For more tips on small-business web sites, see our story.