As a small business owner, most state laws will put the responsibility completely on you if you are a victim of cybertheft. If your company bank account is hacked and your money is stolen, tough luck – you should have had better controls in place. Surprised?
Conversely, if your personal account suffers a similar fate, most state laws will hold the banks responsible.
The general reasoning here is that companies should be more sophisticated and knowledgeable than individuals and should have the proper controls and security measure in place. Of course, we all know the reality of the situation is that there is a big difference between a large company with it’s own I.T. staff and a small business. Hackers and cybethieves know this as well and are exploiting the vulnerability of small businesses with fervor. Small businesses have proven to be “soft targets” for cybercriminals.
The Wall Street Journal has been all over this this topic lately and I encourage any small business owner to read the following articles referenced. The knowledge and awareness you gain could very well save you from experiencing a major cybertheft incident.
First came an article about the general problem of hackers targeting small businesses. Standing out in that article is this quote:
About 72% of the 855 data breaches world-wide analyzed last year by Verizon’s forensic analysis unit were at companies with 100 or fewer employees.”
Are you looking over your shoulder yet? Are you wondering how this can happen? Here is a case study of a company that had 1.2million wiped from it’s accounts by cyberthieves in the course of several hours. They thought they had protections in place (firewall and anti-virus), but the systems were not all current and they had no controls on their online banking accounts that would restrict such large withdrawals. (Call your bank NOW and discuss what controls can be implemented)
As we mentioned in the beginning of this article, historically small businesses have been left to fully bear the burden of cybertheft committed upon them. But there is some good news. Two recent court rulings went in favor of small businesses suing their banks to recover funds lost due to cybertheft.
From that article is this quote that sums up the problem small businesses face: “The truth is there are millions of small businesses that have no clue of the sophistication of the threat that is out to get them,” says Brian Krebs, author of Krebs on Security, a blog that covers cybercrime and Internet security. “You’ve got one lady who’s in charge of payroll, and she works nine to five and…God bless her, she’s up against the Russian mob.”
So what can small businesses do? I’ll tackle that topic fully in my next post, but in the meantime, call your bank and put some controls in place that would limit your exposure to theft.