Building Barriers Against the Top Three Business Fraud Threats

**Originally published July 7, 2015, updated July 22, 2019**

Fraudsters are always in the market for a lucrative new target. So, what’s the most information-rich, security-poor victim they can exploit? A small business, of course.

According to the Association of Certified Fraud Examiners (ACFE), an organization on average loses a whopping 5% of their revenue to fraud each year — that’s potentially a global total loss of $4 Trillion dollars. And small businesses are impacted disproportionately harder by fraud, with a median loss of $200,000 for businesses with less than 100 employees. That’s almost twice as much as the median loss for companies with more than 100 employees ($104,000.)

Thankfully, there are a few tricks small business owners can use to combat potential fraud. And the best place to start is by looking at the main entry points of exploitation: occupational fraud, cyberattacks, and identity theft.

Occupational Fraud

Occupational fraud is the low-lying threat from within. It occurs when an employee secretly siphons funds from your small business. Everything from falsifying expense reports to stealing petty cash from your register falls under the occupational fraud umbrella.

So how can you combat a crime that hits so close to home? Take proactive measures to eliminate the “fraud triangle.” The fraud triangle, developed by criminologist Donald R. Cressey, is a model depicting the three elements that create an ideal setting for occupational fraud — opportunity, pressure, and rationalization. Here are sound tips to build barriers against occupational fraud:

  1. Conduct background checks
    Avoid hiring a potential fraudster by conducting a thorough background check. Review their employment and criminal history and verify all of their references.
  2. Implement a checks and balances system
    Foil a fraudster’s opportunity by having multiple individuals oversee finances. For example, have two employees review expense reports and have both the manager and cashier count the cash register at close.
  3. Identify potential pressures and intervene early
    Family issues, drug and gambling addictions and credit problems are some of the most common pressures that will drive an employee to commit fraud. Talk to employees frequently and take immediate action, within reason, to alleviate potential pressures.
  4. Enact an anonymous tip hotline
    The ACFE found that anonymous tips are the most effective way to detect occupational fraud. Make sure employees have an anonymous outlet to voice fraud concerns, such as a hotline.
  5. Develop a code of ethics
    Print out your code of ethics and post it in a highly visible, employee-only area. Keep it clear and concise and make sure employees are well versed in these moral expectations you have set for them.


Hackers certainly make headlines for breaching big-name organizations like TargetMarriot Hotels, and First American Financial, but did you know they actually favor attacking small businesses? Ponemon Institute reports that nearly 70% of all small and medium-size businesses (SMBs) experience cyber attacks. Protect your business and customer data in a few simple steps:

  1. Have a password policy
    Passwords are your first line of defense. Make sure employees change passwords every 90 days and set rules to ensure passwords are unique and complex.
  2. Multi-factor Authentication
    Enable multi-factor authentication on all of your online accounts. This requires users to verify their identity in at least two separate ways, making it harder for hackers to weasel their way in.
  3. Keep software up-to-date
    Software updates are typically created to fix a newly discovered flaw in a program. Update your device as soon as the latest software version becomes available. Ignoring updates may expose you to malware, viruses and hackers.
  4. Encrypt your data
    Encrypt sensitive customer and business data. This prevents anyone from intercepting plain-text messages, including payment card information.
  5. Develop an incident response plan
    Build your plan of action to mitigate the impact that data loss will have on your business, so you’re ready just in case.

Identity Theft

How does identity theft impact a business? Identity theft and identity fraud do not just target individuals — businesses can be impacted as well, especially small businesses.

Identity fraud occurs when someone exploits your existing financial accounts. Identity theft occurs when completely new lines of credit are opening in your or your businesses’ name. Fraudsters typically get enough information about a business or the business owner to commit these crimes through data obtained from data breaches or through a close relationship with the victim (employee, friend, family member).

If a business owner is impacted by identity theft, it can have a direct effect on the business. Protect your personal and business financial accounts with a few basic best practices for defending against identity theft and fraud.

  1. Review financial statements often
    Review your personal and business bank records frequently to detect unfamiliar transactions. Report any suspicious activity to your financial institution immediately, and keep an eye on your business credit score.
  2. Don’t ignore pre-approved credit card offers
    These may seem like harmless junk mail, but fraudsters can easily exploit them to open new lines of credit in your name. Dispose of all credit card offers appropriately, and immediately inquire about any unfamiliar credit approvals or denials you may receive in the mail.
  3. Review your credit report
    Visit to receive a free credit report from all three of the major credit reporting bureaus. You are eligible to receive this complimentary service once per year.

By taking proactive measures to mitigate the damage from these three common fraud avenues, you and your small business can focus on what matters most.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

Eugene is the Director, Technology and Security of Sontiq, the parent company of the EZShield and IdentityForce brands. He oversees the architecture of the...
Read more about Eugene Bekker.

Leave a Comment.