Every small business owner wants to know how to increase sales, improve their marketing, motivate their employees. But first, let’s make sure we keep your company safe—your data, your money, your physical premises. Having survived in business for over 25 years, I’ve picked up a few tricks along the way—and learned a hard lesson or two as well.
In 2012, I got rid of my company’s server, moving virtually all our data to online services. While you may fear being hacked if you store this stuff online, the reality is you’re far more vulnerable keeping your data and accounts on your premises. Your physically-based server (not to mention your computers, laptops, and phones) can be compromised by damage or theft. Sure, you may plan to back up online regularly, but do you actually do it? After disasters—such as hurricanes, fires, earthquakes—one of the greatest problems facing small businesses is they’re not able to access their accounts. That makes both getting back to work and receiving disaster recovery funds more difficult than if you’ve got your data in the cloud.
I have learned the hard way that for ALL online services and for my company’s website, I—and only I—must be listed as the Administrator. Sure, you trust your IT person, website designer, or your tech-savvy nephew, but things happen. If you’re not the Administrator, one disgruntled techie can hold you—and your data—hostage. You don’t have to be a technological genius to be the Administrator. Every small business owner should be listed as the Administrator of every one of their online services and sites.
I knew a small business that was embezzled out of hundreds of thousands of dollars. How? The comptroller set up phony businesses that billed the company relatively small amounts for years. The owner trusted this comptroller completely and neglected to examine the accounts payable closely. Know what—and who—you’re paying for.
Years ago, my accountant told me to never have the same person who opened the checks also deposit the checks. Why? Those payments might not actually end up in my account. We still get paid primarily by checks from our customers (mostly large institutions), and I check on every check. Of course, it’s harder for employees to steal deposits when you instead get paid by credit card or electronic funds transfers (see next point).
Sure you hate paying those fees when you accept credit cards instead of getting cash, but a cash-rich business is a target in many ways. First, you are more likely to be the subject of a robbery—thieves are far more interested in cash than credit card receipts. Next, it’s more tempting for some of your own employees to steal from you if there’s lots of cash on the premises. This doesn’t mean you shouldn’t accept cash, but make it easy for customers to pay you in cash-less ways.
When was the last time you changed the keys to your office, warehouse, or plant? You’ve probably had dozens of employees who’ve had those keys over the years. Change your keys regularly.
Still using your birthday or your dog’s name for your password? Cut that out. You need different—and tough—passwords for each site you use. Of course, that’s awkward and tough to remember. Consider using a password manager, like LastPass, 1password. Store your password(s) in a locked safe. And whenever possible, and for all your financial and critical sites, use two-factor authentication, requiring you to also respond to a text or an email when you want access.
If you are a dishonest businessperson—if you cheat your customers, lie to your vendors, pay workers under the table or get paid under the table—your employees are going to be far more likely to be dishonest too. As the business owner, you set the tone, you demonstrate what behavior is acceptable. If you are the kind of person who cheats others, don’t be surprised if others cheat you.
Copyright Rhonda Abrams, 2019
This article originally ran in USA Today on October 9, 2019