Small Businesses Lack Proper Security Policies
Many small businesses, from industries as diverse as retailers to professional services firms, are not as protected as they should be from increasingly sophisticated and rampant fraud schemes such as business identity theft, mobile malware and money mules, according to an online survey of 803 small business owners by Harris Interactive and sponsored by Bank of the West.
The study, "Fighting Fraud: Small Business Owner Attitudes about Fraud Prevention and Security," found that while 95 percent of small business owners take steps to prevent fraud, only 18 percent are using two person controls, and just under half (49 percent) neglect to conduct regular checks of the business' financial and inventory departments.
While 52 percent of respondents said they have used online browsing protection tools, only 36 percent have business data security policies in place, and only 41 percent of small businesses have a written policy concerning remote networking, email and Internet safety procedures for their company—despite the fact that 69 percent said employees' personal computers are used for work.
"Small businesses are particularly susceptible to fraud because they have fewer resources. Yet, the impact of the resulting losses is usually much greater than for larger businesses," Michelle DiGangi, executive vice president of small and medium enterprise banking at Bank of the West, said in a statement. "Through our close relationships with business owners, we've seen first-hand how devastating fraud can be on them. Fortunately, there are precautions–which in many cases are fairly simple to execute–that owners can take to better protect themselves from being victimized and improve the overall security of their organizations."
The research also found that in general, when the owners have been victims themselves they are more likely to be extremely or very concerned about the potential for fraud (62 percent of victims versus 45 percent of non-victims).
The survey indicated small-business owners who have not been victims of fraud were more likely to believe their payment collection accounts are not at all vulnerable to fraud (47 percent of non-victims versus 24 percent of victims), less likely to take additional steps in the next year to prevent fraud (32 percent versus 50 percent) and, among those who do not utilize any fraud prevention tools, are significantly more likely to perceive fraud risk as low (49 percent versus 15 percent).
Just one-third of businesses surveyed said they use centralized payroll and approved vendors and only 30 percent use fraud prevention services such as ACH Positive Pay, ACH Block, Stand Alone Positive Pay, or Reverse Positive Pay, despite the fact that the AFP Payments Fraud and Control Survey found 61 percent of organizations have experienced payment fraud.
"I was surprised to see that just about a third of small business owners plan to take additional fraud prevention steps this year," David Pollino, fraud prevention officer and senior vice president at Bank of the West, said in a statement. "Often, owners expect banks to protect their transactions. While banks play a large role in safeguarding businesses, businesses also have responsibility for taking steps that will counter these increasingly sophisticated security attacks and make themselves less vulnerable."