Preventing Fraud Begins With A Comprehensive Plan

Summary

• Companies must protect important corporate assets, including funds, intellectual property, and nonpublic customer information.
• Internet traffic, mobile data use and the cloud are forecast to grow exponentially, which exposes systems to additional security risks. More than half of the sensitive digital information flowing today does not have adequate protections.
• A comprehensive fraud prevention plan acts as a padlock for creating greater online and offline security

Most of us take precautions every day to protect our belongings. We lock our cars, our homes and our smartphones. Those same good habits are necessary to protect any business operating in the digital world. Company bank accounts and company data are frequent targets of fraud and theft by a growing number of domestic and international cybercriminals. Yet many companies leave their "virtual doors" wide open to thieves because they may be unaware of the growing risks. 

Worldwide, theft as the result of fraud cost companies an estimated $3.7 trillion in 2013 alone¹. In the United States, the average fraud case cost companies $100,000 per incident and more than 20% of all fraud cases involved a loss of $1 million or more per incident. Once funds have been stolen, they are rarely recovered. 

At Silicon Valley Bank, we are committed to helping our clients protect their assets, including funds, intellectual property, and nonpublic customer information. To help protect assets, we encourage our clients to create a comprehensive fraud prevention plan to secure all valuable assets and prevent and detect theft. A comprehensive plan addresses all potential security risks facing your company and is an essential tool to prepare for future growth, an IPO or acquisition.

Formulating a plan

A comprehensive fraud prevention plan establishes individual roles, responsibilities, and oversight of key risk areas. Just as locking your car is a matter of habit, protections must be integrated into a company's routine activities and practices. Some actions that are part of a plan may be simple, such as separation of duties for invoice approvals and payment initiation. Other actions may require added technology, such as adopting out-of-band authentication or employing protection solutions to secure your online network. The plan should also provide a roadmap of steps to take when fraud or loss is suspected or discovered. Companies at different stages of growth face different security risks, so it's important to create a fraud prevention plan based on the unique needs of your company, based on your life stage and corporate structure. Be sure to update these as your company grows and changes.

To start, identify areas and corporate practices that create the greatest risks. The key areas for most companies include those where company funds, strategic corporate information, nonpublic customer information, and intellectual property are most vulnerable to cybercriminals and fraudsters. Some potential risk areas include: 

• Accounts payable and payments processes
• Accounts receivable and collections processes
• Company operations
• Employee fraud and misconduct
• Network security
• Desktop and hardware security

Communicating and overseeing policies

A comprehensive fraud prevention plan should be cross-functional, encompassing accounting, operations, IT, and other critical areas. While everyone has a role to play in minimizing fraud, one person should be appointed for creating and implementing the plan. In most cases, an executive-level leader or founder is best positioned to oversee development of the plan, as well as regular review and revision. This person should communicate the plan broadly, reviewing key components and responsibilities with new hires and existing employees, optimally on an annual basis. Communicating the plan effectively creates awareness within a company that a plan has been developed and that state and federal response plans are in place, if needed.

Getting started

Once established, a comprehensive fraud prevention plan will help your company better understand and respond to the primary forms of risk and loss. For your plan to be most effective, it must be communicated and adopted across your entire company. Employees at all levels and executives alike will appreciate having well-defined ground rules for enhancing security and practical guidelines for conducting their daily activities, including specific steps for responding to loss or theft.