Areas of

Fighting fraud: Small business edition

Thursday, September 23, 2021 @ 2:11 PM | By Jennifer Lynch and Margot Mary Davis

Jennifer Lynch %>
Jennifer Lynch
Margot Mary Davis %>
Margot Mary Davis
A phishing scam targets a small business. An employee steals from a small family-run business for over 18 months.

The above scenarios are unfortunately all too common. While fraudsters target businesses of all sizes, small businesses are at a heightened risk of fraud and are more likely to suffer greater financial losses. In Canada, businesses with less than 100 employees account for 38 per cent of occupational (employee) fraud victims but businesses with 100 to 1,000 employees account for 24 per cent of occupational fraud victims. Cyber fraud costs small businesses $1,088 per employee versus $284 per employee for larger businesses.

Small businesses are often at a heightened risk of fraud because they might not understand how prevalent fraud is and do not have proper protocols in place to fight fraud. For example, a 2019 study showed that a solid majority, over 65 per cent, of small business owners believed that they would not be victims of cyberthreats and over 40 per cent of Canadian small business owners do not have defences against cyberthreats. Even if concerned about fraud, some small business owners might feel that they do not have the money and resources to fight fraud.

To help small businesses, we have provided examples of common types of external fraud and employee fraud and listed cost-efficient ways to fight fraud below.

Common external threats

Due to the COVID-19 pandemic, a significant increase in fraud has occurred. While some fraudsters have “cashed in” on COVID-19, there has also been an increase in generic types of fraud that existed pre-pandemic. For example, phishing scams grew by over 200 per cent since the advent of the pandemic. Some phishing scams explicitly mention COVID-19 or pretend to be from the WHO. Phishing scams will steal sensitive information and phishing is one of the most common method of installing ransomware on a computer.

Some current scams are threatening calls, e-mails or texts from “banks,” the “Revenue Agency (CRA)” or “utility providers” asking for money or gift cards. Scammers have also sold fake or expired PPE to businesses. Charity scams saying that donated money will go to COVID-19 patients or research are currently targeting businesses. In reality, the money is going to line the pockets of the fraudster.

Occupational theft

It is tempting to view fraud as exclusively the actions of external actors. However, that is far from true. As mentioned earlier, statistics show that occupational fraud is quite common. The three major types of occupational fraud are asset misappropriation, corruption and financial statement fraud; asset misappropriation accounts for over 85 per cent of occupational fraud. 

With a growing number of people facing economic difficulties due to the COVID-19 pandemic, more occupational fraud might occur. An employee whose spouse was laid off might find themselves in the role of the sole breadwinner and might steal from a cash account to “make up” for the difference.

Targeting fraud

Below, we have some evidence-based, cost-effective tips to fight fraud. While a business can never completely eliminate the risk of fraud, it can significantly reduce its chance of being a victim of fraud.

Be aware of common indicators of fraud

Banks, utility providers and the CRA will never send hostile, rude or threatening messages. Please note, the CRA does not send text messages to Canadians and does not ask for payments in gift cards or crypto currency. Phishing websites often look slightly off, are poorly written and have incorrect URLs. Charity scams often guilt people into donating, use overly emotional language and use names that are similar to legitimate charities.

With respect to occupational fraud, an employee living beyond their means and never taking a vacation are red flags

Practise due diligence

Taking a moment can often save a business from being a fraud victim. If a small business owner receives a call/message from the “CRA” or a “bank,” they should call the bank or the CRA to see if they actually contacted them. Confirm that a charity is a CRA-registered charity. Registered charities are not perfect but they are at least not scams. One can research a charity on the CRA’s “List of Charities - basic search” feature. 

Make your workplace fraud-hostile

A small business owner should ensure that measures are in place to combat fraud. As noted earlier, many small businesses do not have defences against cyberthreats. Small businesses should strongly consider purchasing anti-phishing software. Additionally, they should provide anti-phishing training seminars for employees; numerous anti-phishing seminars are available online for free or at a low-cost.

Similarly, small businesses often lack internal controls or have weak internal controls against occupational theft. In businesses with less than 100 employees, 42 per cent of frauds are caused by a lack of internal controls, in contrast to 25 per cent of frauds in businesses with more than 100 employees. Small business owner can implement inexpensive internal controls like rotating employees on tasks, deleting former employees’ system access immediately after they leave, changing passwords and requiring two signatures on cheques. Small businesses should implement a fraud reporting hotline; businesses that have such hotlines have smaller losses (50 per cent smaller) from fraud. Frequent, unannounced audits are also an invaluable tool in fighting fraud. Many fraud examiners provide audit services at a reasonable price.

Employees detect and report 53 per cent of cases of fraud. Employers should provide training to employees on how to catch occupational theft. When “fraud training for employees” exists, the median loss for a company is 38 per cent less than when no training exists.

A fraud-hostile workplace does not only include practices; it also includes attitudes. The Association of Certified Fraud Examiners 2020 Report to the Nations notes that a “poor tone at the top” was a common risk factor for occupational fraud and a poor tone at the top affects all employees. Officers and directors of small businesses should be exhibiting top ethical behaviour. Do not be a “profit by any means necessary company.” Pressure to meet financial targets is correlated with more occupational fraud. 

Additionally, insular workplace cultures attract fraudsters. A small business is more likely to be an insular culture than a larger business. Small business owners should ask for divergent perspectives on the business from the board of directors to combat insularity. Relatedly, small businesses should have formal hiring processes and not just word of mouth hiring processes that attract “yes man” family and friends.


Fraud is an unfortunate common reality for businesses. With our advice, businesses can fight fraud proactively.
Jennifer Lynch is an accomplished forensic accountant and business owner. Lynch is a Chartered Professional Accountant, Certified Management Accountant and a Certified Fraud Examiner who has a reputation for expertise, quality service to clients and professionalism. You can reach her on LinkedIn. Margot Davis is a lawyer proficient in several areas of law and has a great interest in health law and health policy. Davis has numerous publications and freelances as an editor.

Photo credit / Jack_Aloya ISTOCKPHOTO.COM

Interested in writing for us? To learn more about how you can add your voice to The Lawyer’s Daily, contact Analysis Editor Peter Carter at or call 647-776-6740.