The thieves who use computers instead of weapons to draw money out of business bank accounts are increasingly targeting small to mid-size businesses. Once, if you weren’t a billion-dollar company, you were less likely to be hacked by cyber criminals. That’s no longer the case. Consider these recent statistics:
- The FBI reports that 7,000 US companies lost more than $740 million to email-based crimes in the past 2 years.
- The National Small Business Association conducted a survey of small business owners. Those who had been victimized by cyber crime reported losing an average of over $30,000. Smaller businesses have recently been more heavily targeted because they typically don’t have the security resources that larger companies employ.
These criminals – many from outside the country – use a number of scams to gain access to your shop’s bank accounts. Among the most reported methods are:
- Emails or phone calls requesting account information from legitimate sounding sources. Anyone in your business who has access to bank, credit card or debit card information should be cautioned to never give out such information without verifying the source. No government agency, including the IRS, will use these means to request sensitive data. Likewise, financial institutions and credit card issuers will not make such requests or ask you verify information via email or phone.
- Malware, usually attached to an email, can be unwittingly downloaded to your computer system by hackers seeking access to your accounts. Anyone using a computer or network that allows access to your accounts should never open a suspicious email or click on an unknown Web link. Even if you recognize the email sender, but something doesn’t look normal, don’t open it. Hackers can steal email address and send out bogus emails.
- Holding your data hostage is one of the latest cyber crimes. Again, dropping malware into your computer system that enables thieves to deny you access to your own files unless you pay a ransom (usually in bitcoins) has hit big and small businesses alike.
- Old school methods, including copying credit card, debit card or bank check account numbers, and placing surreptitious card readers in gas pumps or ATMs to grab your account information are still being used.
If your business does fall victim to these criminals, what is your recourse? Unfortunately, the Electronic Funds Transfer Act that requires financial institutions to protect its customers applies to consumers, but not businesses. That means that your recourse is based solely on the agreement you have with your bank, and is subject to your company taking all of the security measures included in the agreement. That’s why, if you don’t have an internal security team, your best defense is to consider consulting an outside security firm and to make certain that your staff is well trained in cybercrime defense.