Skip to main content

Protect your business from fraud

2nd July 2023

Information Icon

Everything we publish on Business Talk is provided as general information only. It isn’t advice or an insight into the views of TSB or any of our Partners. This is for information only and should not be relied upon as offering advice for any set of circumstances. Please think about getting independent financial advice if you want help with your personal situation. While we make every effort to make sure the content is accurate and up to date, no liability is accepted by TSB Bank for any loss or damage caused by relying on any statement or omission. Links to external content are provided for information purposes only and not a TSB recommendation of any brand or service.

How to protect your business from fraud.
By Paul Davis, Director of Fraud at TSB

Small business owners have a lot to juggle. From banking and management issues to simply ensuring the cash keeps flowing, day-to-day commitments mean there’s a lot going on at any one time.

But there are big picture issues that need to be factored in too, not least the ever-growing risk of fraud. Between 2021 and 2022, cases rose by 151% in the UK, according to KPMG’s Fraud Barometer 2022, which was published earlier this year.

That’s why fraud is an issue small businesses simply cannot afford to ignore.

Just a few simple steps, some clever thinking and clear, open conversations with your team will help you get ahead of the criminals, and stay there, doing everything you can to safeguard your business for the future.

This simple guide to fraud, and how to protect your business from the risks, will get you started.

What types of fraud are small and medium businesses at risk of?

Criminals use a whole range of approaches to defraud small and medium businesses from unsolicited text or email requests for money and personal information, to unsolicited phone calls.

Some fraudsters even try to impersonate senior team members to get staff to make urgent payments or change existing bank account details.

Others use investment scams and online phishing attacks, with some targeting payroll and loans to access funds unlawfully. The methods are wide-ranging, meaning everyone in the team needs to be on board to combat the risk.

The unfortunate truth is that fraud can come from anywhere, including from employees, customers and suppliers, as well as those unconnected to the organisation.

So how can you protect your business?

Audit regularly

Identify the areas of your business which might be most exposed to potential fraud, and ensure these are audited regularly.

By considering your organisation’s weak spots and having plans in place to protect them, you’ll create an added ring of steel where you need it most.

Use the phone

We’re all so used to doing everything digitally these days it can be easy to forget to lift the phone. Yet when it comes to fraud, getting a voice on the other end of a call is a must, especially when setting up payments.

The main risk we’re seeing to SMEs at the moment is invoice fraud, coming in primarily via email. The answer here is simple – don’t rely solely on this means of communication.

Accounts can easily be hacked meaning fraudsters can set up new domains that look like genuine senders with very little effort so before confirming any new payments, make sure someone on your team has verified bank details over the phone with a trusted person.

Keep financial control procedures up to date

Sadly, internal fraud is a real risk to businesses across the UK and tends to increase during difficult times like the current cost of living crisis.

So make sure your business is on the ball by keeping financial control procedures up to date and ensuring they’re being followed closely by everyone in the team.

For example, write down procedures around how bills are paid, and conduct regular inventories of all products and materials owned by the business. Share financial duties between several employees.

Identify and monitor assets

Before you can protect your assets, you need to know what they are so make and regularly update a detailed list.

Put in place processes to monitor their status regularly and ensure the team stay on top of this with structured updates and reviews.

Check who has access to the accounts

Who are the signatories to your business’s bank accounts? Keep on top of this and make sure everyone with access is aware of what’s expected of them when dealing with the business’s money.

Look back over team members who previously had access to the accounts and if you no longer need them on it, make sure they are removed from the approved group of signatories.

Train your team to be fraud savvy

Cyber criminals work on an industrial scale to gain access to businesses, using a huge range of sophisticated tools to make it happen.

One of the simplest approaches is the malicious email, inviting users to open attachments which can look harmless but lead to a business-crippling cyber-attack.

Key to prevention here is staff training. A whole range of online courses are available or consider inviting an expert into your workplace to make sure the team is fully clued up on what to look out for and how to properly report a rogue email when they spot one.

Send test emails to see if your team can spot phishing attempts and know not to click on rogue emails.

By establishing a culture of fraud awareness in your organisation, you’ll create a powerful layer of protection.

Get strong digital defences in place

As well as training your team, invest in robust email filtering controls.

A while range of fraud management software options are available, so seek expert advice and find one to protect your SME’s IT systems from what could potentially be a damaging online attack. Intelligent software will be your first line of defence.

Check third-party controls

With many SMEs outsourcing their banking affairs to third parties like accountants, it’s worth checking how rigorous their fraud controls are.

It’s your money they’re dealing with, so make sure you’re confident they’re guarding it as closely as you would.

For more information on ways TSB can help you and your small business, click here.

TSB Bank plc. Registered office: Henry Duncan House, 120 George Street, Edinburgh EH2 4LH. Registered in Scotland, no. SC95237.
Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 191240.

TSB Bank plc is covered by the Financial Services Compensation Scheme and the Financial Ombudsman Service.

Calls may be monitored and recorded in case we need to check we have carried out your instructions correctly and to help us improve our quality of service. Not all telephone banking services are available 24/7.

Together we can end domestic abuse.

Safe Spaces, UK Says No more, popup