Alana Muller:
Welcome to Enterprise.ing, a podcast from Enterprise Bank & Trust that's empowering business leaders one conversation at a time. Each week, we'll hear from top business professionals about lessons on leadership and entrepreneurship that they've learned along the way. I'm your host, Alana Muller, an entrepreneurial executive leader whose primary focus is to connect, inspire and empower community. We at Enterprise Bank & Trust thank you for tuning in to another episode.
Hello, listeners. Welcome back to Enterprise.ing Podcast. Today, we're revisiting two insightful conversations that every business owner needs to hear. Our episodes with Janet McHard, a forensic accountant specializing in fraud prevention, and Shawn Tuma, a cybersecurity and data protection attorney.
These experts shed light on how fraud affects businesses, and more importantly, how you can protect yourself. A major theme that stood out for me: fraud is personal. Whether it's an employee you trust committing financial fraud or a cyber criminal exploiting your network, the emotional and financial toll can be devastating. So, today, we're pulling together the best fraud prevention tips from both of these conversations to help you stay ahead of the risks. For business owners, the biggest risk comes from trusted individuals, long-time employees, business partners or vendors. And when fraud happens, it's not just about the money.
Janet McHard:
If someone steals from you, it feels like a personal attack.
Alana Muller:
So, how do you protect your business? It starts with internal controls and awareness. One of Janet's biggest recommendations for business owners is to put strong financial controls in place, because fraud often happens when one person has too much access or authority. Some best business practices include the following: First, segregate duties. The person who writes checks should not be the same person reconciling the bank account. Secondly, require dual approvals. For major transactions, ensure at least two people sign off. And third, conduct regular audits. Even if you trust your team, external audits help uncover red flags. Small businesses often skip these controls because they trust their employees, but fraudsters rely on that trust. That's why Janet's firm focuses on small to midsize businesses, where these issues are more common. On a similar note, Shawn Tuma, an expert in cybersecurity law, warned that small businesses should never assume they're too small to be targeted.
Shawn Tuma:
There is no such thing as security by obscurity. If you have a server, even if you don't have a website, even if you're using Gmail, whatever, they will find a way to get to you.
Alana Muller:
One of the biggest cyber threats today is social engineering. These attacks happen when fraudsters manipulate people into giving up sensitive information, often through phishing emails or phone calls. Shawn shared simple, but critical, cybersecurity practices that every business should implement. The first: use strong passwords. Don't reuse them across sites. Another idea, enable multifactor authentication. This adds an extra layer of security beyond just a password. And finally, train employees to recognize phishing scams, because one wrong click can shut down your entire network.
Shawn Tuma:
Cyber is the one area where right now everything can be going fine, and with one click of a mouse, five minutes later, your whole network shut down.
Alana Muller:
That's why proactive employee education is just as important as technical security measures. And a very interesting statistic from Janet's episode was that 97% of fraud cases she investigates are reactive, not proactive.
Janet McHard:
Nobody believes that they're going to be a victim of fraud. Nobody does. So, of our entire client population, less than 3% of our work is proactive.
Alana Muller:
This means most business owners don't think about fraud until it's too late. The lesson here is to start prevention measures now before fraud happens. Shawn echoed this sentiment on the cybersecurity side. Too many businesses suffer from paralysis by analysis, which means they get overwhelmed by cybersecurity threats and do nothing. Sean encourages listeners to start with the basics.
Shawn Tuma:
90% of your risk is stuff that is within your control. And so, what I try to encourage businesses to do is start with a real-life risk assessment. And I'm not talking about some magical document that's all complicated. You're just trying to learn what your real risks are. Where are you most vulnerable? What type of data do you have? Where is it? What do you rely on the most? All of these kinds of things. What does your network look like? Who's helping you protect it? What's your line of business? And then from there, start with the basics. You may not fix every problem with the basics, but look, let's make sure we've got backups, backups of data. Let's make sure we're using good, secure password policies. Let's make sure we're using protected Wi-Fi with a firewall or a VPN, or things like that. We're not using a remote desktop. There are lists of basic best practices. They may not be perfect, but they're a heck of a lot better than doing nothing. So, start there.
Alana Muller:
That's it for today's episode of Enterprise.ing. If you found this episode helpful, please subscribe and leave a review on Apple Podcasts or share this episode with a fellow business owner. And if you want to dive deeper into these insights, go back and take a listen to my full conversations with Janet McHard and Shawn Tuma. Both are linked in the show notes to today's episode. Thanks for tuning in.
Thanks for joining us this week on Enterprise.ing. Be sure to visit our website, enterprisebank.com/podcast to subscribe so you'll never miss an episode. If you found value in today's program, please consider leaving a review on Apple Podcasts or telling a friend about us. Enterprise.ing, powering business leaders, one conversation at a time.
The views expressed by Enterprise.ing presenters or guests are those of the presenter or guest, and not necessarily of Enterprise Bank & Trust or its affiliates. All content of this podcast and any related materials are for informational purposes only. Enterprise Bank & Trust does not make any warranty, expressed or implied, including warranties of merchantability and fitness for a particular purpose, and specifically disclaims any legal liability or responsibility for the accuracy, completeness or usefulness of any information presented. Enterprise Bank & Trust is not under any obligation to update or correct any information provided in this podcast. All statements and opinions are subject to change without notice.
