As sophisticated as potential fraudsters have gotten during the internet age, swindlers have been working to separate companies from their valuables for as long as there have been companies. Much of the focus for business owners of late has been on the awareness and prevention of cyber fraud – and rightly so. But just because it doesn’t grab the headlines, doesn’t mean that other types of “good old fashioned” fraud or theft can be ignored. Taking some basic steps can keep your business and its valuables safe and secure.
Physical security may be something that has moved out of top-of-mind awareness, but it shouldn’t have. Keeping valuables locked up, controlling access to the physical plant of your business, and discouraging theft are components of a solid physical security plan. Valuables that should be secured include any cash, IT infrastructure, and any confidential information kept in a paper format, but don’t forget to include check stock (both unissued and canceled checks!) or other hard to replace original physical documents. Physical access to the office or specific parts of the office can be controlled with badges (or keys) and using visitor registries/logs and name tags. Keep in mind that not all employees can or should have access to all information or locations and keeping a registry of who has keys, badges, or other access can keep them from falling into the wrong hands. Controlled access, clear signage, good lighting, security systems or security cameras should also be considered as part of the physical security plan of any business.
Dual control is the tactic that provides the separation of duties so that there is a level of oversight over key business practices that could otherwise be susceptible to fraud. A classic example of that is separating the duties of the person who is writing the check from the person who balances the checking account. Yet, it is much more than that and includes dual control over purchasing (the person placing the order shouldn’t be the one verifying the shipment), payroll, vendor management/selection, invoicing and the like. Even during vacations, dual control of key duties should be maintained to ensure opportunities to perpetuate fraud are minimized.
Deterrence can be a powerful way to stop fraud before it starts and often that means putting potential fraudsters on notice that you won’t tolerate fraudulent behavior and that you (and your fellow employees) are actively on the lookout for it. Setting the tone for what is expected, both in what not to do (fraudulent or sketchy behavior) and what you should do (stay vigilant and if you see something, say something) keeps the topic top of mind. Making fraud, and the detection of it, a regular part of your communication with your colleagues at all levels serves to deputize them to be the first line of defense in protecting the firm and its confidential information.
Business owners and managers must stay on guard against fraud and theft from seemingly every direction. Yet neglecting to consider, plan for and mitigate the risk of non cyber fraud and theft can leave a business unprepared for a problem that has never truly gone away.
