
IS THERE A SECURITY THREAT IN YOUR BACK-OFFICE & ACCOUNTS DEPARTMENT?
In a recent study carried out by specialist insurer Hiscox, it was estimated that small UK businesses are the target of 65,000 cyber attacks each day. That's a frightening security threat that is unfortunately becoming greater as we evolve into this new technology era.
And with so many different forms of cyber attacks now coming to light, be it password attacks, phishing and spear phishing attacks, malware attacks and many more, how does the recruitment industry deal with such security threats?
With over 10 years in the recruitment industry, TBOS has heard all types of horror stories these range from email scams, fraudulent invoices right through to in-house staff security breaches. We know too well that Recruitment Directors are quick to protect the security of their client and candidate database but sadly they overlook the security of their accounts department.
For this reason, TBOS has put together some simple processes that we implement as a company which will hopefully help you to minimise the risk for your agency and to ensure all your funds are accounted for correctly.
BANK ACCESS AND AUTHORISATIONS
Banking systems today have the capacity to set up multiple users who each have individual permissions and limits. This can be a great help to directors who want to authorise the payments due without having to enter the payments themselves. TBOS ensures that for each agency online bank account we manage, we have at least 2 users for each bank account, one permitted only to enter payments and the other only to authorise payments (accessible by management/directors). We also require that all payments must have proof of bank details as normal, with an invoice as back up.
PROTECT YOUR PASSWORDS
Maintaining a log of all user names and passwords is important for all systems and portals. It ensures the continuity of the company should someone be ill, leave unexpectedly or be removed from the business. You don’t want to use the same password repeatedly or to rely on one individual’s memory; instead, directors should have a documented password log which itself is password protected so they can access any of the online systems. It’s also important to update passwords if someone leaves on bad terms.
FRAUD/DUMMY INVOICES
When your agency has an invoice finance arrangement, it’s vital that invoicing is done correctly based on approved timesheets. Monitoring invoices as they’re created and checking that the amount matches the invoice finance arrangement, will ensure your back-office team are not pulling more money than is available and causing your agency to be over funded.
COMPANY CREDIT CARDS AND PETTY CASH
Company credit cards and petty cash are prime targets for staff abuse so monitoring the spend and ensuring it reconciles is important. Make sure that staff with company credit cards are aware they cannot spend on personal items and that any funds paid incorrectly will be taken from wages. It’s also a good idea to try and avoid having a petty cash tin as this can also be open to abuse.
CHECK ALL SUPPLIER ‘CHANGE OF BANK DETAILS’ REQUESTS
If one of your suppliers email you to notify you of a change of bank details, it’s extremely important you double check the request. Firstly, is the email address correct? Secondly, find their official company website on Google and contact the number listed on there, call ahead and check that the email request is valid. You can even go one step further by asking for proof of bank details from the company itself, this could be a bank statement or a document with their bank and company logo on. Unfortunately, this type of security threat happens all too often so it is vital that you protect your company and stay vigilant of email scams.
BACK OFFICE CONTINGENCY PLAN
The back office of your company is as important as the sales team; if you don’t have anyone to invoice, conduct credit control or make payments, this essentially knocks out the value of you making a placement. You should always have a “hit by a bus” contingency plan, meaning if your accounts team cannot be in the office, then there should be manuals and checklists in place to allow someone to take over in their place. This means the business can continue to function during a crisis, allowing ill staff a chance to recover as well as giving enough time to find replacement staff if one person suddenly quits or is fired.
KEEP A CLOSE EYE ON YOUR COMPANY PROCESSES & FINANCES
It’s important to review all of these procedures in order to avoid any nasty surprises; whether that be that a staff member has been steadily siphoning money off from the company, abusing the company credit card, or simply that a key member of staff leaves suddenly or has to be let go, leaving you with no way of accessing your own systems. Make the time to continuously review these procedures and watch for new potential problems.
HOW TBOS CAN HELP
TBOS has helped a large number of agencies to outsource their back office and accounts efficiently and compliantly. As part of our business process we continually look for ways to improve the security procedures of our team and of our recruitment agency clients. By deciding to outsource your back office and accounts, you move the responsibility to our specialist back-office team, which ultimately ensures the continuity of your accounts running smoothly every working day.
If you would like more information on how TBOS can help run your complete back-office and accounts processes, you can contact our team on 0345 646 0402.