Embedding Sound Risk Management Practices into an Organization
Core principles for risk management adoption within an organization.
A new report from Javelin Strategy & Research has concluded that small- and mid-sized businesses are a prime target for financial fraud. The "2011 Small Business Owners Identity Fraud Report: How SMBO Fraud Rates Impact FI Revenues and Retention" from the analyst company concluded that while fraud rates have declined significantly, the comparative SMBs are still at 17 percent higher risks compared to consumers. According to the company website, the questions asked for the most recent survey are "identical or very similar" to those asked in earlier surveys conducted in 2009 and 2008 as part of efforts to ensure that longitudinal trends can be observed.
As reported on InformationWeek, Phil Blank, senior research analyst, security risk and fraud at Javelin Research thinks there are several reasons why SMBs are at increased risk from financial fraud. This ranges from the lack of formal processes and procedures in place where security practices and credit card operations are concerned, as well as the lack of dedicated IT staffers assigned to the task of fraud prevention and detection.
Below are a couple of interesting nuggets from the findings that may prompt SMBs to pay just a little more attention to the task of eliminating financial fraud:
Interestingly, the report noted that "many of the tools and techniques used in the consumer market can be successfully used by financial institutions and issuers to help protect [small and midsize businesses]." My interpretation of this simple piece of advice is this: SMBs can greatly enhance their level of protection without having to resort to esoteric measures or expensive security software.
In my mind, traditional defenses such as installing a trusted and reliable anti-malware application, regular patching and updating of software and even periodic training of employees to inform them of the latest social engineering tricks are measures that can effectively help SMBs reduce their security risk profile.