Cybercrime and small business: How to address evolving threats

Published on November 6, 2018 | Laurance A. (Larry) Selnick

ÒWhoÕd go after a business like mine?Ó

ThatÕs a common misperception: that cyber thieves only go after big targets, like Equifax, the Pentagon or, yes, Target. Those massive data breaches might convince you that your company can escape notice.

Not true: Cybercriminals go after the firms that havenÕt boosted their data defenses Ñ and more than 70 percent of cyber attacks target small businesses, according to the National Cyber Security Alliance.

Your data is more valuable than your money

While cyber thieves still covet your bank account, banks utilize advanced fraud-protection systems to thwart them. So criminals keep developing sophisticated ways to go after your data directly. They use social engineeringÑplaying off an honest personÕs trustÑto trick you into sending them your hard-earned money or precious data. For example:

Imagine youÕre on the road. A member of your HR team gets an email, ostensibly from you: ÒIÕm traveling and need the employee payroll files. Please forward.Ó HR knows youÕre away, so dutifully sends along the files Ñ complete with social security numbers and other private data that will quickly be for sale on the dark web.

Welcome to the brave new world of cyber theft. TodayÕs hackers are not only IT savvy, theyÕre also savvy business people. Cybercrime is their full-time job, and their business model is finding new ways to attack yours. Sometimes they penetrate your systems and wait for six months before they strike.

No wonder why 60 percent of small- and mid-sized business fail six months after a data breach, according to the National Cyber Security Alliance. The economic and reputational fallout can even be worse than the breach itself.

Cybersecurity isnÕt an IT issue. ItÕs a business issue. And the cost of prevention is minimal compared to the cost of a recovering from a cyber fraud event.

Every business needs a cyber awareness plan

How can you plan head? Like any security issue, you need levels of mitigation.

At home, your doors may have a bolt lock, a chain and an electronic alarm system Ñ three layers of protection. A burglar will skip your house and go where the back door is unlocked.

The same principle holds true for your business: the more levels of mitigation you prepare, the more likely a cybercriminal will look elsewhere.

Start by forming your own cyber awareness advisory council of key players:

• Your IT manager, to make sure you have:
  • an off-site, segregated network for your intellectual property and financial information;
  • a systematic process to back up files to that site; and
  • a protocol for changing passwords regularly (keeping them somewhere safer than a desk drawer);
• Your accountant, who can help review your internal controls and safeguards, especially determining who hasÑand needsÑaccess to your banking and other important records;
• Your insurance agent, to provide liability coverage for a breach Ñ not to mention business interruption costs and recovery fees;
• Your lawyer, to make sure you report the attack according to disclosure laws;
• Your public relations advisor, who must be ready with an action plan to manage the blow to your businessÕ reputation; and
• Your banker, who should know your plan and how it can dovetail with the bankÕs own protections.

YouÕll also want to ensure your bank offers a positive pay service. It enables them to compare the checks you write against the data in their system. Most banks offer a form of positive pay. If yours doesnÕt, thatÕs a red flag.

The time to bring your team together is now – before an attack

A successful cyber awareness plan requires training, refresher courses, and regular drills to keep employees up-to-speed on the emerging threats. In a data breach, youÕll all have a carefully thought-out and well-practiced plan Ñ getting your business back to normal faster.

The fact is, cyber security isnÕt something you delegate. YouÕre the one in charge Ñ and the one whoÕll deal with the backlash from a data breach. The good news is, you donÕt have to face the problem alone: With the advisors and resources at hand, you can take steps now to make your business more secure from now on.

Laurance A. (Larry) Selnick, CTP, Director, Treasury and Payment Solutions Sales, at Webster Bank has nearly 40 years of experience in cash management systems and bank operations.