Quarter 2, 2014

Guide To Protecting Your Business

(Excerpted from a new Safeguard Whitepaper)

According to a 2012 study by the Association of Certified Fraud Examiners, smaller businesses — which typically employ fewer anti-fraud controls than larger ones — suffered the largest losses. Here are 14 fraud-busting ways to protect your small business by stopping the problem before it starts.

1. Use cheques with high-security features such as holograms
Over 1.2 billion fraudulent cheques are written every day, and more than one-fourth of all small business fraud involves cheque tampering. Fortunately, Safeguard Premium Secure cheques are equipped with the latest technology, making it virtually impossible to alter cheques through washing or counterfeiting. You can avoid cheque fraud in other ways, too:

• Always store cheques in a safe, secure location
• Destroy unused cheques from closed accounts immediately
• Require secure passwords for employees who write and issue cheques
• Balance your accounts daily to quickly detect abnormalities
• Use a security pen for handwritten cheques

2. Keep all hard copies for your business under lock and key
All of your company information, records and unused cheques should be in a secure, locked location. Only trusted employees should have access. Copies of critical documents should be kept in a separate location.

3. Know your bank’s policy regarding distribution of funds and understand your liability in the case of cheque fraud
It’s vitally important to read and understand your bank contracts regarding liability for fraud under the Uniform Commercial Code. Be sure to look at the fine print of your deposit account agreement. In particular, focus on your bank’s policy about making the funds available to you that might be subject to a fraud hold. To further protect yourself:

• Take advantage of EZShield^® from Safeguard, included when you order Premium Secure cheques. Regardless of your bank’s policy, this service provides you with a security expert if you fall victim to cheque fraud and helps you restore your business to pre-theft status.
• Monitor bank accounts constantly. The faster you spot inconsistencies, the better.
• Get your bank to help. Most provide free instant alerts to warn you about unusual account activity.

4. Destroy all expired company documents with a cross-cut shredder
You should always use a cross-cut shredder to shred anything that could easily be used by thieves to commit fraud or identity theft. Strip-cut shredders are the least secure. They use rotating knives to cut narrow strips as long as the original sheet of paper, which can be reassembled by a determined, patient thief. Cross-cut or confetti-cut shredders cut rectangular or other small-shaped pieces. This makes reconstruction exponentially more difficult, if not impossible.

5. Change passwords on a regular basis and have a policy that prevents multiple people from using the same user name and password
Password protection is essential in today’s online world. Make passwords long and strong. Combine capital letters with numbers and symbols. Have separate passwords for each account, and change them often — at least every 60 days.

6. Monitor your credit at least one time per year
Checking your credit history will alert you to unusual activity, which may be your first warning that your business is under attack. You can get a free credit report from either TransUnion or Equifax, by calling 1.800.465.7166, or by mailing your request form and photocopies of your required identification to:

TransUnion
Correspondence in English
TransUnion Consumer Relations Department
P.O. Box 338, LCD1
Hamilton, ON L8L 7W2

Correspondence in French
Centre de relations aux consommateurs TransUnion
CP 1433 Succ. St- Martin
Laval, QC H7V 3P7

Equifax
National Consumer Relations
P.O. Box 190, Station Jean-Talon
Montreal, QC H1S 2Z2
Fax: 514.355.8502.

7. Establish a social media policy that identifies what company information employees can and cannot share on Facebook, Twitter or other online portals
If you allow employees to access social media sites at work, make sure they keep their personal life separate from their work life, simply because anything posted to social media isn’t private anymore. In fact, the more they reveal, the more vulnerable they — and possibly your company — become. No matter how safe a particular social medium seems, information can still be compromised, whether through their friends or the site itself.

8. Keep up-to-date anti-virus and anti-spyware software in place
According to McAfee’s State of Security Report, almost a third of small businesses have yet to purchase or implement many of the next-generation security technologies currently available in today’s market. If this is true for your company, do it now — and when you do, be sure to get auto-updating security software.

9. Encrypt your data and use a secure connection for receiving or transmitting credit card information across the Internet
Many small businesses can’t afford IT and security talent, which makes them very vulnerable. Here are some simple steps you can take to protect yourself:

• Use anti-virus software and encrypted connections when transferring sensitive data. Look for https:// in the URL to know that it is safe.
• Keep your most sensitive data on the fewest number of computers and, if possible, segregate it from other data.

10. Perform background checks on all employees
Before hiring new employees, verify their employment history, education and references, and perform criminal background checks, credit checks and drug screenings. Other easy ways to protect your business include:

• Creating an environment of trust where employees feel comfortable stepping forward to provide information about questionable events or behaviour
• Watching for the most common types of fraud in small businesses — billing schemes, corruption involving an employee (bribery or conflicts of interest) and cheque tampering
• Recognizing red-flag behaviour of employees, such as living beyond their means, undergoing financial problems or exhibiting an unwillingness to share duties
• Implementing anti-fraud controls, such as authorizations, job rotations and mandatory vacations

11. Secure your wireless network
A hacker with a simple antenna can break into your network from a mile away. Make sure your company’s wireless network is up-to-date and uses the current, standard WPA2 encryption. Add an additional layer of protection by using the MAC address filtering option in your wireless router.

12. Set up your smartphone with remote tracking and remote wiping to allow you to eliminate all data off your phone if it’s lost
More and more people use their smartphones to access banking and other financial information via the Internet. As technology continues to grow so does the risk of fraud. Plus, apps often store sensitive data in unencrypted plain text. Losing your smartphone could put you at a high risk for identity theft. However, there are some precautions you can take, such as learning about security features and functions on your smartphone and using the strongest passcode protection available to lock it.

13. Have a disaster recovery plan in place in the case of natural disaster or cyber attack
A plan can be as simple as security rules, guidelines and consequences for ignoring them. Another smart thing to do when formulating your best course of action is to conduct an inventory of your credit cards, employee Social Insurance numbers and customer databases. If you don’t know what data you have, you can’t protect it.

14. Fight fraud and reduce risk with Safeguard Secure^® products and services
Visit our online Security Resource Centre for the resources you need to help protect your business. Or contact your local Safeguard consultant for a complimentary cheque fraud risk analysis.

To locate a consultant in your area, call 800.616.9492.