Protect your construction company against cybercrime and employee fraud

Listen or watch now:

No one wants to think they could be the victim of employee dishonesty or cybercrime, but the unfortunate reality is that it’s becoming more and more common. This week’s episode is all about awareness of the types of fraud you may encounter and how to protect yourself.

Topics we cover include:

  • How common employee fraud and cybercrime are 
  • Examples of fraud in construction companies 
  • How insurance can protect you from employee dishonesty, theft, cybercrime, and social engineering attacks
  • Internal controls that can protect you and how applying for insurance can help you put them in place

Subscribe for free resources and to be notified of future episodes at


Rob Williams, Profit Strategist |
Wade Carpenter, CPA, CGMA |
Stephen Brown, Bonding Expert |


[00:00:05] Rob Williams: Welcome to the Contractor Success Forum. Today, we are discussing employee dishonesty, cyber crime in the construction industry. 

At the Contractor Success Forum, we discuss financial strategies for running a more profitable, successful construction business. Check out our show notes and rate our show. You just go to the main episode, all the way down past all those episodes and rate this wonderful show. If you liked this show. If you don’t like the show, don’t rate us. 

All right, thanks. So today we have our three long-term construction industry professionals. We have Wade Carpenter with Carpenter and Company, CPAs helping contractors nationwide to become permanently profitable for over 30 years.

And Stephen Brown, a construction bond agent with McDaniel-Whitley bonding and insurance agency, with over 30 years of experience underwriting and placing bonds for you as a contractor.

And me, Rob Williams, your profit strategist with IronGate Entrepreneurial Support Systems, driving profit in your business with decades of vertical integration as a contractor, manufacturer, aviator, and financial strategist in the construction industry. 

Man, all these years and years of wisdom and experience of old guys, your Contractor Success Forum. Old, we’re old. Kind of like the car talk guys, so we’re, we’re old construction talk guys.

Today. Alright, man, this is, it’s a big topic. And Stephen, until we started talking about this, I didn’t even know you did that is like an underwriter. Tell us about that.

[00:02:00] Stephen Brown: Well, one of the hats that I used to wear in a former life is a fidelity underwriter. And fidelity just means employee dishonesty. And an underwriter is someone that decides whether writing an insurance policy for your business makes sense or not. 

So, there’s different types of insurance you can buy to protect your construction company. And a lot of contractors don’t think about it, but I myself have had four fidelity related claims this year alone in our office. 

[00:02:29] Rob Williams: Wow. Tell me while you’re talking about all those, that amazing statistic, because you’re not the first person I heard this statistic from. I heard this and didn’t believe it a month ago, from a whole different source. So the Association of Certified Fraud Examiners said that 6%, not of our profits, but 6% of the average company’s revenue goes away to fraud.

That is phenomenal. That is unbelievable. We used to budget in one or 2% slippage for theft. And we were probably really low. We probably had the other percentages just built in, but that was theft on the job sites and things like that. Because we were home builders, scattered all over the place. It’s probably a lot worse than a commercial site might be. 6% of our revenue! What in the world? Is that right, Stephen? 

[00:03:23] Stephen Brown: 6% of your revenue to employee related losses. And you know, what does that mean? Predominantly employee dishonesty. Say you have a job and whoever’s ordering the materials, orders extra materials and sells them on eBay. That happens a lot in construction.

And then last month, an employee was making up a fictitious licensing company for getting licenses from different states from the company, and just bleeding off a little here and there. I ended up getting $370,000. It’s big money. 

A contractor of mine whose key employee– and it’s always the person you trust most, Rob and Wade, that steal from you. Maybe it’s because they’re in a position to do it, but just bear that in mind. She was a little old lady with orthopedic shoes and long gray dresses and a big bouffant hairdo. And she fell in love with a drug dealer. He was in his thirties and she was head over heels and she stole about $680,000 before she was caught.

And she cried and the guy dumped her and ran off, of course. And the contractor didn’t press charges. They had been around together. That’s your decision to make. But it happens, and it happens all the time.

[00:04:37] Rob Williams: Wow.

[00:04:39] Wade Carpenter : As one of the old guys you guys were talking about, I’ve seen over the 30 years plus that I’ve been in doing this, many different ways people steal from you. And exactly what Stephen said is, sometimes it’s the one you trust the most. They think you’re making more money than you are, or, they have something health-wise happen to them.

And then maybe it’s just like, we’ll take it once and then we’ll put it back. But then they need, they take it twice and it just rolls. And there are different schemes. People will create invoices for fictitious companies. I’ve seen one where they had all these gas cards, Exxon or whatever, or credit cards. They started paying their own credit card because there was no control over it.

There’s a lot of things where, we had one where somebody was buying desks and stuff like that from Office Depot, and then they’d go back and return it for cash. There’s several schemes like that.

[00:05:34] Stephen Brown: Yeah. And think of the folks that are limited to not being able to spend more than a thousand dollars in any one transaction that end up making 500 $1,000 transactions and stealing money. It doesn’t have to be complicated, but like we were talking about, it’s someone usually in a position of trust is stealing from you, and it’s almost impossible to to see that. You not only have the betrayal of that key person that’s stealing from you, but you also have the financial loss from it. You can insure against the financial loss of it.

[00:06:12] Rob Williams: You were talking about the types, what was it? The types of theft that you categorize? Is it the type of insurance?

[00:06:19] Stephen Brown: It’s insurance. The products out there that you can buy. And one of the great things about that…

[00:06:25] Rob Williams: What we’re saying is, isthere aree two ways to protect against it: one internal controls, but then you also get the insurance. 

[00:06:31] Stephen Brown: Well, there’s Employee dishonesty and theft insurance. That’s just, that’s one policy. There’s fund transfer fraud insurance. There’s computer fraud. There’s employee fraud that may end up costing you money, but they’re not specifically stealing from you. And then the last one is social engineering. That’s the hot one right now.

Social engineering sounds more complicated than it is, but it’s just someone making up bogus invoices, that sort of thing. One example that happened was someone that was informed by a vendor that they had shut down their accounting system for auditing purposes and they needed money wired to a different account.

They wired money to that different account on that invoice. Only 30 days later, when that vendor was following up for their money, hey, we never got paid. Yeah, you did. Well, you paid someone else. That’s an honest employee mistake, but that’s social engineering-type plans.

[00:07:33] Rob Williams: Wow. So that was from an outside person, tricking them. So that was not from inside.

[00:07:39] Stephen Brown: Right. And people get confused about employee dishonesty versus cyber coverage. Cyber coverage sounds like, oh, that’s something way out of my bailiwick, but we had a customer get ransomwared, a contractor. People that hacked into their computer. 

There’s also situations where you might have a project manager that has a laptop and it doesn’t have the right security on it. They lose it and someone finds it and hacks into it and gets all your vendor information. And the thing about the cyber coverage, it covers to protect you when you have to, by law, go to those people and tell them your information’s been hacked. 

You say, well, why do I have to do that? Who’s going to know about it? If they do find out about it, they’re going to throw you under the bus. And different states have tougher crimes. So the insurance policy helps you to go do some spinning. So, spin control over you not losing insane amount of face over what happened. 

It may be just simply that you had no internal controls on your computer. That’s embarrassing, but it doesn’t matter what kind of internal controls you have. Hackers can get in it. So this cyber crime is something that you can buy. And as a general rule, if you get an application for employee dishonesty and cyber crime, and you can answer yes to most of those questions, you’ve got good controls in place.

So when I said, well, why would I buy the insurance if I have these good controls in place? Because it’s going to happen, it’s just gonna happen.

[00:09:02] Rob Williams: Yeah. So, that was one thing. The insurance, some people say, well, I don’t want to pay somebody to insurance. I just want to fix it myself and protect against that, or thinking the money is kind of a waste to pay that. But the fact that you get insurance, you’re kind of forced into, or have the opportunity, I wouldn’t say forced, to fix a lot of the things when you buy the insurance because of the process you go through when you’re going through the applications. I know I went through something like that before, and we actually made a lot of changes in our company to get those insurance or bonds or different things that made us less susceptible because we had that insurance through that process, we protected ourselves. It’s almost like hiring a consultant when you do that, because you learn a lot when you go through that process, plus you get the insurance. 

You fix yourself at the same time that you’re getting insurance. Is that kind of fair to say Stephen or Wade?

[00:10:00] Wade Carpenter : Well, I’ve seen definitely some things like wire fraud. I think we’re going to have an upcoming episode about some of things that, I couldn’t believe that happened. And that, Stephen, you can comment on this. I heard about all this and, we have to protect confidential information, but the cyber riders on the policy, from my standpoint, what I looked into, it’s way cheaper than having to deal with something like that. Is that true, Stephen?

[00:10:29] Stephen Brown: That’s absolutely true. It, it, it really is. And if you get the policy, like you said, Rob, your internal controls are pretty good. So it’s going to be harder to get the cyber coverage now than it was . But it’s worth it. Also, a lot of the companies will let you endorse onto your policy this social engineering, which is a whole separate limit of coverage that has to do with a third party coming in and stealing from you.

That’s social engineering. You can get, like on Traveler’s policy, you can get a a hundred thousand dollars endorsement added on to the employee dishonesty policy, and then another a hundred thousand dollars added on to the cyber policy that they offer. And then have $200,000 worth of protection that you ordinarily couldn’t get.

[00:11:18] Rob Williams: One of the other things, the compounding effect of what this costs. Even though somebody might steal 50,000 or a hundred thousand dollars from you in an incident, that may cost you a lot more than that a hundred thousand dollars. Cause it may be the cash control that puts you out of business.

So it may cost you a few hundred thousand a year because they took that hundred thousand dollar cash flow that you can’t survive on your business anymore.

[00:11:46] Stephen Brown: Sure. And you’re building up your assets in the company. You’re building up your cash in the company and someone steals it. Any company that’s got cash or assets to be stolen, people are gonna steal from. And that’s why I think it’s so important to protect it. And so few people talk about this. 

Also, what happens when you catch someone stealing? It depends. You want to try to get back as much money as you can, but especially when drugs are involved, that money’s spent so fast.

[00:12:16] Rob Williams: I’ve heard that so many times. Like, well, why didn’t you press charges? Like, well, it was going to cost me so much and I already got hurt. I don’t really want to spend any more money to go after somebody that doesn’t have any money because it’s all gone. I’m not going to get any of it back.

[00:12:32] Stephen Brown: Let your insurance company deal with that. They’ll go after him if there’s anything. 

[00:12:38] Rob Williams: -you had insurance, if you didn’t have insurance, they won’t go after him.

[00:12:41] Stephen Brown: Right. But insurance will pay you and then they’ll go after them.

[00:12:46] Rob Williams: Okay.

[00:12:47] Stephen Brown: I’m just saying. The good companies will go after them. Because even if you go to jail, you can get a little bit of something and a judgment, getting your money back and believe me, they’re going to do it.

[00:13:00] Wade Carpenter : There are times that people do not press charges and I don’t understand why. I mean, I know you get personally attached to these people. And a lot of times it’s not, you can’t believe they actually did it. But you know, the only way you actually deter somebody from doing that is pressing charges. And a lot of times that money is already spent.

[00:13:21] Rob Williams: When I’ve talked to a lot of people that haven’t done it, it’s because they don’t want any more losses and the lawyers said, well, you can pay me, but it’s going to cost you more to hire me as a lawyer to go after this person, then you’re going to get back.

So you’re not going to be made whole, and you probably won’t even get that. That’s the conversation I’ve heard many times.

[00:13:44] Stephen Brown: You don’t have to press charges to file an employee dishonesty claim. You just have to prove that they stole from you.

[00:13:52] Rob Williams: Yeah.

[00:13:52] Stephen Brown: And that’s sad because a lot of white collar criminals get away just for that very reason, but they still have to be in a position of trust. Like this lady who got in with this cocaine dealer, this young cocaine dealer, she had been working for him for 37 years, which is crazy. You never know, that’s a sad story, but there’s lots of them out there. And a lot of people don’t talk about it. When you get hacked, you don’t want people to know, but you’re forced to by the government regulatory authorities, when your people steal from, you know what people don’t know, hey, I am an idiot. They stole from me. Well, how they do it? Oh, it was really easy. Yeah. I just left my checkbook out on the desk and they forged my signature. That’s the simplest way in the world to steal from someone, but it happens every day. 

Luckily, If you’ve got a great CPA like Wade, they’re going to catch you. You’re going down when they come in and do their review and audit. But having an extra set of eyes. Having employees take a two week vacation, key employees, because it’s amazing how they’ll be juggling things. And it comes up in a couple of weeks. 

You might say, well, I can’t enforce that. Yeah, you really can. Especially if it’s a CEO or a comptroller or someone in a position like that. 

[00:15:10] Rob Williams: it’s been really interesting in my experience. I can think of two times. One in particular, when we had a group coming in to look at our company and all of a sudden my key employee, who is handling a lot of the financial stuff and the bids and stuff went out, wouldn’t come to work for about a week or two. Suddenly got ill and never made it to one of these group meetings.

And it was just an immediate trigger. We actually never really figured out what happened because the person disappeared. But it was very obvious that something was going on. There’ve been so many stories about that and I bet as an underwriter you must’ve seen lots of crazy stuff.

[00:15:52] Stephen Brown: Over and over and over again. Yeah. Just tons of different companies, and different situations. We talk about it all the time. One of my underwriting buddies, we’ve always said for years that if we ever went bad, we would be two of the greatest white collar criminals around because of how warped our minds are.

But also by seeing so many different claims, you see that there’s ways that people get smarter about doing it. And then the most simple ways in the world that you just overlook. You’re just like, ah, how’d I let that happen? So it’s a combination of both. So anyway, the insurance, the applications, that sort of thing, discussing these things with your accountant, putting internal controls management procedures in place. This is something that’s very easy to do, but you’ve got to monitor it.

[00:16:43] Rob Williams: I think maybe you could write this detective novel instead of going and committing the crimes, why don’t you could like write this exciting novel. My daughter’s going into film. You all could get it and make a film, a motion movie, exciting- 

[00:16:57] Stephen Brown: Who knew insurance could be so exciting, Rob? It’s fascinating.

[00:17:02] Rob Williams: Insurance and and… 

[00:17:04] Stephen Brown: I don’t know why everybody isn’t an insurance agent.

[00:17:06] Rob Williams: The excitement that We have at the Contractor Success Forum. It’s unbelievable! Unbelievable here.

[00:17:14] Stephen Brown: That’s our closing advice. You can insure this stuff. Do something.

[00:17:19] Rob Williams: I’m still floored by 6% of the revenue. I kept thinking much of the profit or something, but that is not, I’ve heard that statistic multiple times and it is just unbelievable to me.

[00:17:34] Stephen Brown: Yeah. Million dollars in sales. That’s $60,000. What if you’re doing 20 million?

[00:17:39] Rob Williams: I would think that would be the example, but that is just phenomenal. So if you’re not looking at it and protecting it, I guess that means we got to take our head out of the sand and look at this stuff. So if we’re not being aware of it, that might mean that we’re one of them.


[00:17:57] Stephen Brown: Right.

[00:17:59] Rob Williams: Any closing statements, Wade?

[00:18:01] Wade Carpenter : Just, I’ve seen it too. And it’s always the one you least expect. Don’t think it can’t happen to you.

[00:18:08] Rob Williams: Yep. So just expect that you’re normal because it’s happening because a lot of people, they actually get embarrassed to talk about it because they let it happen. You’re normal if it happens. Don’t be afraid to talk to people about it. Don’t be embarrassed about it, even though it might be kind of embarrassing, do something about it. So you don’t have to be embarrassed about it. 

So, thanks a lot. And we’ll have some other people on here. I know we’ve got another guest that we might bring in about the IT part, specifically. But that is just phenomenal. I’m just still in shock of how much can happen. 

So. We are here at the Contractor Success Forum. We have Wade Carpenter, Carpenter, and CPAs. He’s helping contractors nationwide become permanently profitable. And Stephen Brown, the construction bond agent with McDaniel-Whitley bonding and insurance agency with a big cyber crime theft background that we didn’t know about it. Yeah, okay, punch them out, man. Protect them. 

And me, Rob Williams, with IronGate Entrepreneurial Support Systems, driving profit in your businesses. Go to ContractorSuccessForum.Com. Listen to us and knock them out. Knock them out, Stephen. That’s right, man. So if you guys can’t see it on the podcast, Stephen’s giving us a great boxing demonstration here.

All right. Thanks for listening to our show and we’ll see you on the next episode.

Posted in


Leave a Comment

Listen or watch now:

GET notified of future episodes!