Protecting Your Business from Fraud

Follow these steps to help protect your small business from fraud.

Small businesses are facing unprecedented levels of fraud. You need to be alert — and frankly, a bit skeptical — to protect your business. According to PwC, companies participating in a 2020 fraud survey reported an average of 6 fraud incidents in the last 24 months. The survey also estimates that the losses to US companies from fraud over the past 24 months totals a staggering $6.5B.

Common Fraud Tactics

Businesses are under attack from multiple angles. Cybercriminals might target a business’s data looking for stored financial or personal information that they can use or sell. Or, a criminal might try to install ransomware on a business’s network that cuts off the business from its own data. Then, fraudsters will extort money from the business as ransom for return of their data.

Another more common fraud tactic is business email compromise, in which a criminal persuades a target to take a particular action, such as sharing sensitive information or wiring money. This is often done through social engineering or phishing. Jeff Kennedy, Executive Vice President at Regions Bank explains that an increasing number of business owners are falling for this type of scam — in part because fraudsters have gotten more sophisticated and targeted in their approach. "They have done their research on your business," he warns. "They are going to be convincing, so you have to be on guard. We have seen examples of incredibly well-done phishing emails, and we have seen customers lose millions. It can be devastating."

Fraud Protection for Your Business: Tips to Follow

First and foremost, be skeptical, urges Kennedy. "We are way too trusting as human beings. Yes, you are focused on running your business, but all can be lost by being too loose with information and not adopting a protective posture."

Additionally, follow these fraud protection tips:

  1. Before clicking on a link, hover over it and check where the link actually leads. If it looks strange or ends in an unfamiliar suffix, do not click. For example, would be a safe link to click, while is unfamiliar and potentially unsafe.
  2. Install proper firewalls and security software that includes email and web protection. Patch and update your systems regularly.
  3. Establish a robust employee training and security awareness program that includes regular testing and compliance.
  4. Encourage all employees to set up two-factor authentication and security protocols for company payments. "Always use dual authorization. Make sure your process for fulfilling payments isn’t all in the hands of a single employee," says Kennedy.
  5. Monitor your online bank accounts and business credit frequently. "Review your accounts daily. If you make it part of your routine, you’ll pick up on fraudulent activity much faster," says Kennedy. In fact, daily reconciliations may lead to earlier identification and, therefore, higher likelihood of recovery. If possible, you may even consider intraday reconciliations.
  6. Take advantage of your bank’s alert features and establish internal controls to prevent payment fraud.
  7. Shred documents containing sensitive information before discarding.
  8. Change your passwords frequently.

By staying alert, training your staff to do the same, and embracing security practices, you can reduce the likelihood of your business falling victim to fraud.

For more tips to help safeguard your business against fraud, visit


This information is general in nature and is provided for educational purposes only. Information provided and statements made by employees of Regions should not be relied on or interpreted as accounting, financial planning, investment, legal, or tax advice. Regions encourages you to consult a professional for advice applicable to your specific situation. Information provided and statements made by individuals who are not employees of Regions are the views, opinions, or positions of the individual who made the statement and do not necessarily reflect the policies, views, opinions, and positions of Regions. Regions makes no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information presented.