How Small Businesses Can Prevent Cyberfraud

• May 27, 2016
• Business Law

In 2015, NPR wrote about cyberfraud, interviewing several business owners who had been victimized by online attacks. One of the victims was a Seattle businessman whom thieves were able to impersonate online, sending several emails from his email address to his bookkeeper that authorized the transfer of more than $1 million to a bank account in China. And, like other business leaders interviewed for the story, he learned that the bank would not reimburse him for his losses. Unlike private citizens, businesses have little recourse when their company accounts are compromised. If hackers should gain access to your customers’ credit card or debit card information, banks would reimburse your customers for any fraudulent charges. Even so, customers may resent you for failing to protect their information, which is a scenario that could hurt your business. Cybercriminals become more sophisticated every day, so to defend against cyberfraud, businesses must keep up with the latest threats and institute policies that protect their assets and their customers.

Create Account Alerts

Cyberthieves will usually attempt to siphon money out of an account over a period of days, as one large lump sum might draw the bank’s attention. One of the simplest ways you can protect your bank account is to set up account alerts. You can choose to receive a text message or email alert the moment a transfer or withdrawal from your account occurs, so if that transaction is fraudulent, you can contact your bank immediately to freeze your account.

Use Strong Passwords, Change Them Frequently

According to one IT firm, the worst online password in 2014 and 2015 was: 123456. Hackers spend a lot of time trying to guess passwords, so don’t make it easy for them. If any online password you use includes a pet’s name, a child’s name, or your birth date, change it – cyberthieves often dig for personal information that could help them guess words and numbers you might include in passwords. The strongest passwords are those that contain a mix of numbers, symbols, and uppercase and lowercase letters. And use a unique password for each one of your accounts.

Use Two-Factor Authentication

If thieves should get access to your email account, they could easily visit the various websites you use, impersonate you, and request a “password reset” email. Many banks thwart cybercriminals by using two-factor authentication, meaning they don’t just send an email with a new password. Most commonly, the person requesting a new password must also provide a code that the bank sends to the user’s mobile phone. If your bank doesn’t offer two-factor authentication, your accounts could be at risk. You can check the website TwoFactorAuth.org to see which banks and other businesses offer this protection.

Research Vendor Security

The massive online data breach in 2013 that compromised the credit card and debit card information for millions of Target’s customers highlighted an important lesson for businesses: Third-party vendors can be a great threat to your security. Hackers were able to gain access to Target’s data by sneaking in through a back door – at least one employee of a company doing work for Target had fallen for an online phishing scam, which in turn caused a virus to be installed on that company’s computers. The virus then stole the company’s login credentials for the Target network, which enabled hackers to steal the customer card data. When entering into a business agreement with a vendor, it’s good to include a clause in your contract that outlines security expectations and liability, should a breach occur.