This month I would like to talk about cybersecurity issues and financial crime in small business environments. While it may seem like small businesses are small fish for criminals, this is not always the case. In fact, small businesses are often easy targets.
The major types of crimes that small businesses face in their daily operations include identity theft, stealing of private information, money laundering, and fraud.
Regardless of the size of the small business, the key point is to get hold of the client information as well as the job providers who receive the services of the targeted businesses as contractors.
Identity theft has been popular for a long time. Criminals are able to reprint the identification cards of their targeted victims, such as their drivers' licences, Medicare cards, and credit cards with their own names on them, and use these to perform serious transactions. Criminals can even buy and sell properties with other people's names and information. Sometimes the quality of the reprinted cards is even better than the original cards. To avoid their identity being stolen, the easiest thing people can do is to keep their private information totally confidential and never misplace their identification documents or cards.
Private information such as date of birth, tax file number, and Medicare number can be obtained by fishing calls, email scams, and even from rubbish bins or letterboxes. By obtaining this information, criminals can empty bank accounts, apply for new loans, and even start new businesses or commit other offenses in the name of their victims.
Small businesses are not immune from this problem, as they have already established relations with their customer base whose information is open for theft if the necessary measures are not taken. Risk assessment should therefore be the starting point for every business and sufficient precautionary measures should be taken, including even very basic actions such as performing customer due diligence, using two-factor authentication, and even using anti-virus software. Again, this information should never be shared with third parties without conducting the proper checks and without receiving permission from the customer. Contractors and staff members must also be scrutinised and bound by legal agreements to prevent them from abusing the system.
Another vital issue is training. Small business owners must ensure that their staff are trained properly and regularly. They must also revisit staff risk assessment and training cycles from time to time, depending on their business' size and activity.
These systems are designed to stop criminal attempts and the business must regularly reassess the performance of these measures.
Other than identity theft and information hacking, money laundering and other types of fraud are also a risk to small businesses. Financial and legal professionals, such as accountants and lawyers, often play an important role, voluntarily or unwittingly, in these crimes. Criminals often involve these professionals to assist them with setting up shell companies, etc., to hide their unlawful conduct.
A major problem with small businesses is usually a lack of funding to implement proper systems to keep fraudsters away from the business. Therefore, the initial stage of the small business' set-up is very important in that respect. The decision-makers in any type of organisation should not ignore the importance of proper systems. There are government grants and also business consultancy services available to make a good start on this. Data protection and systems implementation should therefore always be a priority as a part of any business plan.
If you need a health check on your business process, please contact us.