How to ensure your new business doesn’t become a victim of Covid-related fraud
By Francesca Dowling, Head of Compliance at Amaiz (the business app)
In the movies, a disaster always seems to cause chaos on the streets. The standard direction to the ‘background actors’ is clearly to run screaming in panic in different directions. Of course, we’ve all recently learned that, apart from the odd fight over loo rolls, the chaos the pandemic has caused is less visible than that.
We’ve accepted intrusion into our lives by the state, we’ve changed where we work, and we’ve isolated ourselves from each other. This creates the perfect conditions for fraud and there has consequently been a massive spike in the number of cases. Fraudsters are feeding on the disruption. How do you protect yourself and your new business? I’ve made it my life’s work to prevent fraud. Below are just some of the key issues you should be thinking about as you start up, to ensure you’re not a victim.
Unless you’re a specialist, employ an IT support company to ensure that you don’t make any basic errors in your IT security set up. Some of the key points:
- Two-step authentication is now standard. It is far too easy for fraudsters to access your systems without it. It is also worth considering biometrics (fingerprint, eye scanner), depending on your level of risk.
- Instal anti-virus software, some is better than others. Will your employees be using their own devices? If so, make sure that they have the same security installed as the rest of your IT.
- A good IT system will force regular changes to passwords so that you’re not reliant on employees complying.
- Who has access to the passwords for your website and social media? Too many companies lose control over both within weeks of starting up. Keep a record and change the passwords (and access in the case of social media) every time someone leaves. If not, you could be held to ransom by a disgruntled ex-employee/ supplier or someone could commit fraud by posing as you.
It is well worth getting an independent specialist company to audit your IT security. Unlike your IT support team, they’re incentivised to find problems and solve them before they cause a breach.
While working from home, security standards can slip. Make sure all employees are briefed on the basics and check that their working environment is secure. Are they working in a shared house where someone else, they barely know, could access their computer? Do they work in coffee shops? Is that something you’re comfortable with or could it lead to customer, or other sensitive data, being compromised?
As a start-up it may seem like the ‘done’ thing to work in public places, but they really are best avoided. Fraudsters love public Wi-Fi. It takes them minutes to set up a convincing account and all they have to do is sit there and wait for people to log on to what appears to be the official Wi-Fi. Or, to their amusement, be asked for the Wi-Fi details by other customers. They then have access to the computer and all the passwords stored there.
How do you intend communicating with your team, suppliers and customers? It is very easy to hide behind our computers at the moment, and not to speak to each other at all. However, the phone can be a great way of avoiding two of the most common scams. The first is the ‘employee’ who urgently needs you to transfer their expenses to their bank account, and helpfully gives you their bank details to ‘make it easier for you’. The text may be written in their usual style and even come from their phone number. If anyone requests money from you like this, phone them and check it is them. The second is the e-mail from the supplier advising you that they’ve changed their bank details. Again, the e-mail can come from their usual address and include their standard signature. If anyone gives you new bank details, always phone to check before you make the change.
Fraudsters will also phone you. Typically, they pretend to be an official body to get your personal details or to demand immediate payment of tax. They can be very aggressive and even threaten you with prison if you don’t pay there and then. With all calls, unless you recognise someone’s voice, treat it as a cold call. Tell them you’ll phone them back. Then find the official number (the one on the bill or on the website) and call that and check. The fraudster will stay on the phone, to pretend to answer the call, so use a different phone if you can.
There are numerous other scams and new ones almost every day, so do follow specialist social media for updates and alert colleagues when you hear of new ones. Once you know what to look out for it is easier to avoid.
The above are the tricks of the career fraudsters. However, suppliers and customers can commit fraud against you too. Suppliers may double invoice in the hope you won’t notice, and customers may fail to pay, pretending it is some fault on your side. It is therefore worth researching the people you intend to work with to find out what their reputation is.
Google will help but don’t just check the directors and the company name, also check their phone number (often used through different iterations of the same company) to see how legitimate they are. Do a credit check, do they pay on time or do they have CCJs (County Court Judgements) which are only obtained when a company has failed to pay their debts, even after a court has ordered them to? Whether a potential customer or a supplier, that tells you that you can’t trust them.
Look at their social media, read what they say on their accounts and then at their reviews. Ignore the glowing five-star reviews, they may be friends and family, or even bought. The critical reviews, and how they respond to that criticism, will tell you far more about the company and its attitude to its customers. We all get that one customer that you can’t reason with, so you should expect some issues, but look at the pattern of their responses.
However careful you are it is very easy to get caught by fraudsters. If you are, don’t be embarrassed, alert the bank and police immediately. Timely notification can lessen the impact and increases the chances of the criminals getting caught. Too often people blame themselves for their stupidity, but the authorities know how convincing fraudsters can be.