How to Protect Your SME from Fraud
- Hale Portfolio
- 2 days ago

Everyone has seen the damage a recent cyber-attack caused to Marks and Spencer’s profits. Yet, in today’s digital landscape, SMEs are equally at risk of being victims of fraud. Indeed, SMEs are often targeted because cybercriminals assume they lack the robust security measures put in place by larger organisations. Research carried out by Visa in November 2024 showed that 41% of SMEs had been victims of fraud.
Fraud prevention methods can be time-consuming and involve a cost; however, they should not be ignored, as the potential time and money lost, should your business be a victim of fraud, are far higher. Here are some ways you can help protect your SME from fraud:
Passwords and Authentication
Make sure to use strong, unique passwords for every account. These should be at least 12 characters and use a mix of letters, numbers, and symbols.
Enable multi-factor authentication where possible, especially on bank and email accounts.
It sounds obvious, but never share online banking login details or passwords with anyone.
Emails and phone scams
Embrace a healthy scepticism when it comes to your emails. Some fraudulent emails are strikingly obvious with questionable spellings, etc., but others can be highly sophisticated. I once received an email from someone posing as the managing director asking me to make a payment. The email conversation went back and forth, and he became increasingly rude, so I picked up the phone to speak to the actual MD, only for him to tell me he had no idea what I was on about. So, if you receive an email from a colleague requesting payment out of the blue, or they’re engaging in a way unlike their usual self, my advice would be to pick up the phone and double-check the payment with them directly.
Do not click on links or open attachments if you are even a tiny bit suspicious.
Scammers have been known to pose as legitimate businesses or individuals reaching out to customers to let them know their bank details have changed. They may have intercepted emails and therefore have information to make them sound authentic. If someone contacts you out of the blue, whether by phone, letter, or email, informing you that their bank details have changed, be sure to verify this by contacting the organisation directly on a number you trust (such as a number on a previous statement).
Never provide sensitive or personal information to an unsolicited caller, and don’t feel rushed or panic – a genuine organisation won’t mind waiting.
Devices and Software
Use firewalls and antivirus protection on all devices; these help prevent external sources from accessing sensitive data.
Ensure you always apply security updates for any antivirus tools, software, and operating systems.
Avoid using public Wi-Fi when accessing financial information, and use a VPN if away from your office.
Payments
As an SME, online payments will be a regular occurrence in your day-to-day operations, so you must have systems and processes in place to make these as safe as possible.
Always use reputable payment gateways such as Stripe, Xero, or PayPal.
Make sure your website is SSL-encrypted, i.e. served over HTTPS.
Monitor your bank account daily for any unexpected changes or withdrawals.
Financial access
I recommend to my clients that they have restrictions on who can access financial accounts and software, with permissions based on people’s roles.
Use dual controls for any large or unusual transactions.
Organisational policies
Create and maintain a cybersecurity policy that is communicated to all staff.
Regularly update and train staff on how to spot suspicious activity and things to look out for.
Create an incident response plan that details what to do if you are unfortunate enough to be hacked. The Financial Ombudsman has information on how they can help here.
Consider taking out cyber insurance, which may help with recovery costs should a breach happen.
Should you need any help or advice on this topic, please do not hesitate to contact me, and I will be happy to help.