Keeping your small business safe


Conduct background checks on potential employees, vendors, suppliers, and customers.

  • Self-reported information on applications isn't reliable
  • References aren't helpful since they're either shills or won't provide subjective information
  • Develop applications and forms that ask the questions you need answered
  • Get approval to run credit reports

Put secure financial protocols in place

  • Segregate cash functions so that receiving cash is separate from disbursing cash and signing checks is separate from reconciling accounts
  • Restrict access to your master file of vendors
  • Restrict access to your master personal files for payroll
  • Insist on finial approval of all employees, vendors, suppliers, and customers
  • Pick up and drop off the mail yourself

Conduct frequent, irregular audits

  • Personally open bank statements and reconcile accounts monthly
  • Conduct periodic audits of vendor, supplier, customer, and payroll accounts, but do them on an irregular schedule
  • Conduct periodic audits of inventory on an irregular schedule

Put secure credit card protocols in place

  • Be wary of someone who buys an unusually large number of big ticket items
  • Don't accept a card that cannot successfully be swiped or whose chip doesn't work
  • Don't agree to speak "with a bank" about a card that isn't going through
  • Have separate personal and business credit cards
  • Ensure each salesperson has their own POS password

Put secure IT protocols in place

  • Back up regularly to a secure external hard drive as well as an online server
  • Block pop-ups on your computers
  • Keep anti-virus, firewall, malware, and spyware software up to doate
  • Require regular password changes
  • Block access to some websites from work computers
  • Consider having a separate computer for banking and finance

Build a culture of security

  • Have an anti-fraud policy
  • Provide anti-fraud training for staff
  • Explain how damaging fraud can be to the company
  • Include yourself in all security protocols; someone should check your work too
  • Put an anonymous third party hotline in place