In Pursuit of Profit
As a business owner, you need to understand that no company is immune to the possibility of fraud. Every day, businesses become victims of theft, losing not only cash but also sensitive information and business data. Realizing this is paramount. Fraud does happen, and it can happen to you.
Implementing internal controls is the foundation of fraud prevention initiatives, but your efforts should not stop there. Today’s heightened cyber threats require a tactical approach to cybersecurity as well. Consider the following cyber fraud statistics about US companies:
So, what can be done about this vulnerability in the face of heightened cybersecurity concerns? Businesses must take a comprehensive approach to the security of their financial data. Establishing and maintaining internal controls and cybersecurity best practices are going to be your best defense against internal or external fraud.
Use this comprehensive business fraud checklist to mitigate fraud risk:
Set permission levels on accounting software and apps and establish unique passwords for all employees. Use a password manager service to generate secure passwords and require that these passwords be changed frequently to minimize the likelihood that a compromised password can be used fraudulently on an ongoing basis. Where possible, utilize multi-factor authentication as well.
Use access logs to see what employees are accessing, and when, to ensure that it matches their job duties. Rely on these records to help identify the culprit if fraudulent activity is discovered.
Companies that have strong internal controls should look for providers with similar policies and protocols in place to maintain their strength in these areas. Companies with weaker internal controls should seek out providers that have more stringent security guidelines to help encourage their efforts in these areas.
Some companies not only offer cyber threat training but also run periodic tests to analyze their vulnerabilities. Staging fake threats like fictitious email phishing schemes or phony vendor invoices to see how employees react is a proven way to gauge the effectiveness of their training and shore up security holes before a real threat arises. Reward employees who respond to these correctly and offer additional training to employees who fall for these threats.
As a secondary layer of defense, use anti-virus software to catch anything that makes it through your firewall. Anti-virus software will conduct routine scans automatically to look for malicious software or attempts to breach the firewall. As long as it is regularly updated, it will operate using the newest cybersecurity information available to keep up with constantly evolving cyber threats as well.
Working together, a VPN and a firewall make up two of the “Security Six” safeguards that the IRS lays out as best practices for tax professionals, which demonstrates how important they are to cybersecurity for accountants.
If possible, only have employees work on company-provided devices to avoid the additional security risks associated with working on their own phones and computers. Use drive encryption in case a device is lost, stolen, or hacked. Where possible, use a mobile device management platform on company equipment for any employees working offsite so that if a device is lost or stolen it can be locked down to block access.
Lastly, establish company policies to clearly define expectations related to things like accessing, transmitting, and sharing sensitive information and financial data. Do not leave it up to guesswork. What may seem obvious to management may not be well understood by some employees. Clearly differentiate between what is and what is not allowed. For legal reasons, it is typically best to also include verbiage that explains the consequences of not adhering to these policies.
For a real-world example from one of our colleagues of how these types of precautions can safeguard your business, read: A True Story About Accounting Cybersecurity and One Company’s Narrow Escape
Remember, your business cannot be protected against fraud if you cannot trust the people tasked with managing its finances. If you are looking for a reputable accounting company, please reach out to us. We employ a seasoned team of accounting professionals that uses their extensive experience combined with ethical practices to deliver top-rated accounting services to clients across Oregon, Washington, and Colorado.