In 2010, financial fraud cost small businesses in the US more than $8 Billion, during a time when most small businesses didn’t have money to lose. Much of this loss came from credit card fraud and from so-called “friendly fraud” perpetrated by company insiders.
Many small businesses owners do not make security a top priority. IT security is lax and often too many of their employees have access to sensitive information.
Small businesses that do not employee an IT professional should have a policy in place to limit internet activity on networked company computers to that which is necessary for work and to not open links or files from unknown sources. Sensitive company information should be password protected and access should be limited to only those people in the company who need it. If employees need smart phones or tablet computers for work, those contracts should be managed by the company so the company can have tighter control over them and can shut them down when necessary. Software is also available to remotely wipe lost phones. All laptops, smart phones and tablet computers should be password protected and all losses should be reported immediately.
Physical security is also very important. Employees should be aware of who is in the office and question anyone that they don’t recognize. Access to the office after business hours should be limited.
Most importantly, employees should be aware of security practices and reminded of them on a regular basis.