Even though businesses face a climate that includes increasingly sophisticated and rampant fraud schemes such as business identity theft, mobile malware and money mules, many small businesses – from industries as diverse as retailers to professional services firms – are not as protected as they should be, according to a new survey.
Bank of the West's survey, "Fighting Fraud: Small Business Owner Attitudes about Fraud Prevention and Security," found that while 95% of small business owners take steps to prevent fraud, only 18% are using two person controls – one of the most important precautions. The poll was conducted online by Harris Interactive in May and June of 2013 among 803 small business owners.
According to the National Federation of Independent Businesses, security experts say that as many as 30% of an average company's employees do steal, and another 60% will steal if given a motive and opportunity. Some estimates indicate that more than $600 billion is stolen annually, or, roughly $4,500 per employee. Yet, the Bank of the West study found that less than one-third (32%) of small business owners have a business insurance policy that covers employee dishonesty.
The Bank of the West research also found that in general, when the owners have been victims themselves they are more likely to be extremely or very concerned about the potential for fraud (62% of victims vs. 45% of non-victims). Small business owners who have not been victims of fraud are:
- More likely to believe their payment collection accounts are not at all vulnerable to fraud (47% of non-victims vs. 24% of victims)
- Less likely to take additional steps in the next year to prevent fraud (32% vs. 50%) and,
- Among those who do not utilize any fraud prevention tools, are significantly more likely to perceive fraud risk as low (49% vs. 15%).
But, the risk is very real—according to the Association of Certified Fraud Examiners' (ACFE) most recent Report to the Nations, small businesses are the most common victims in fraud instances, with the highest rate of fraud (31.8%) of any business size category and the largest median loss.
The results of the survey indicated that small businesses lack many foundational security measures:
- Less than half (48%) secure documents properly – either in locked files or with password protection—even though theft of digital information has become the most commonly reported fraud.
- Half (49%) neglect to conduct regular checks of the business' financial and inventory departments.
- 61% of organizations have experienced payment fraud, according to the AFP Payments Fraud and Control Survey, yet the Bank of the West study findings show that only 33% use centralized payroll and approved vendors and only 30% use fraud prevention services such as ACH Positive Pay, ACH Block, Stand Alone Positive Pay, or Reverse Positive Pay.
- Only 40% conduct employee background checks, less than one-third (32%) have a business insurance policy that covers employee dishonesty, only 18% use two-person controls, and just 16% report having a written fraud policy—though Bank of the West fraud experts acknowledge employee fraud is among the greatest risks facing small businesses.
- While 52% have used online browsing protection tools, only 36% have business data security policies in place, and only 2 in 5 (41%) small business owners have a written policy concerning remote networking, email and Internet safety procedures for their company—despite the fact that 69% say employees' personal computers are used for work.
"Small businesses are particularly susceptible to fraud because they have fewer resources. Yet, the impact of the resulting losses is usually much greater than for larger businesses," said Michelle DiGangi, executive vice president of small and medium enterprise banking at Bank of the West. "Through our close relationships with business owners, we've seen first-hand how devastating fraud can be on them. Fortunately, there are precautions – which in many cases are fairly simple to execute – that owners can take to better protect themselves from being victimized and improve the overall security of their organizations."
"I was surprised to see that just about a third of small business owners plan to take additional fraud prevention steps this year," said David Pollino, Fraud Prevention Officer and Senior Vice President at Bank of the West. "Often, owners expect banks to protect their transactions. While banks play a large role in safeguarding businesses, businesses also have responsibility for taking steps that will counter these increasingly sophisticated security attacks and make themselves less vulnerable."