Preventing business fraud - checklist

Password being input online

The 2023 Cyber Security Breaches Survey reported that 32% of UK businesses recall a cyber attack in the previous 12 months. Cybercriminals are growing more sophisticated in their attacks, stealing data and financial information. Small businesses can no longer afford to ignore the threat from cybercrime. These tips show you how to prevent fraud on a tight budget.

  • Beware of external fraud, such as phishing - when someone attempts to gain sensitive material such as credit card details by masquerading as a legitimate entity, often a bank. If in doubt, check directly with your bank. Hacking and corporate identity thefts are also threats.
  • Ensure that only the relevant employees have passwords to secure data or access to credit cards. Check that any expense claims are valid, and keep an eye on receipts from your petty cash tin. Take appropriate measures to deter fraud, and investigate any suspected instances.
  • Train employees in data security. They are often the weakest link in your security and phishing attacks set out to deliberately target this weakness.
  • Spot fraud by keeping an eye out for unauthorised payments, or for other companies impersonating your business or directors.
  • Prevent corporate identity fraud by making sure that Companies House has the correct details for your business, or enrol for the more secure electronic PROOF scheme.
  • Set up and reassess internal control systems. Ensure that your finance team or accountant check bank and credit card statements thoroughly. Shred all sensitive documents before recycling them.
  • Validate new customers with credit agencies. Keep an eye on your current customers' accounts too, to look for trends such as delayed or slowing payments. If you think you may have a problem with a customer, get additional trade references or use credit insurers.
  • Conduct an internet search for common misspellings of your business name to check that no one is impersonating you online. Not only could businesses with a similar name poach your customers, but if their reputation is bad, yours could be damaged by association.
  • Review your IT security. Your business could be at risk from hackers or in breach of the General Data Protection Regulations if sensitive data such as your customers' details or your intellectual property is stored unprotected on your server.
  • Make sure your virus software, password protection and firewalls are up to date and working.
  • If you discover internal fraud, ensure that it is clear who will lead the investigation, how to deal with the suspects and at what stage you will involve the police, if necessary. If you discover external fraud, consider getting legal advice before proceeding.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.