Is Your Small Business Account Safe From Cyber Attack?
Cyber attackers are targeting small companies because they make easy targets. According to new research from the security company FireEye, 77 percent of cyber attacks are now aimed at small and midsized businesses (SMB). Sixty-four percent of SMBs have no security policy in place, and 58 percent of SMB managers don’t see cybercrime as a threat. Also, only 10 percent of cybercrimes reported to police by small businesses result in a criminal conviction.
Cybercrime research and analysis shows that a small business without network security tools is danger of losing a significant amount of money. In fact, funds lost to cybercriminals are declared unrecoverable 68 percent of the time. It’s time to realize that cyber attackers aren’t just targeting big banks, government agencies and utility companies. They’re coming after the bank accounts of hardworking SMB owners.
Why Do Cyber Attackers Target Small Businesses?
Sometimes, attackers target a small business to access data on larger future targets. For example, cybercriminals might target an SMB that supplies components for an aerospace manufacturing company. That aerospace manufacturing company could have a contract with the Department of Defense, which means that breaking into the small business network could be the first step toward launching an attack on the Department of Defense.
Most of the time, however, SMBs fall victim to automated hacking tools. Attackers set up automated hacking systems to probe the Internet, seeking vulnerable websites into which they inject malware. They also send out reams of automated phishing emails and probe IP addresses for vulnerable devices. SMBs become collateral damage in an automated attack designed to steal from as many people as possible.
Attackers know that small businesses don’t use tools like security audits and penetration testing to monitor their networks’ weaknesses. Also, SMBs rarely have sufficient funds to go after attackers and to recuperate their losses. When police look for forensic evidence to prosecute attackers, small businesses often don’t have security tools that can generate network activity logs or other important records about attacks. SMBs are vulnerable before an attack, and they’re often unable to follow through after it’s over. The National Cyber Security Alliance reports that 60 percent of SMBs that fall victim to cyber attacks are out of business six months after the attack.
How Does This Affect Small Business Bank Accounts?
Once a cyber attacker gains control of small business bank account credentials, the attacker can commit two different types of bank fraud.
- Account takeover fraud. Thieves take over an existing bank account or credit card account, using it to conduct unauthorized transactions. For example, the attackers may withdraw money from the account or use the account to make unauthorized purchases.
- Application fraud. A cyber attacker takes credentials stolen from a bank account holder, such as a Social Security number or employer identification number (EIN), and then uses the credentials to apply for credit cards, loans or new bank accounts.
How Can Small Companies Protect Their Bank Accounts?
Follow these simple steps to keep a small business bank account safe from cyber criminals:
- Use business-grade cyber security tools. A consumer-grade antivirus program isn’t enough to secure a business network. Look for network security tools that offer protection against zero-day attacks and advanced persistent threats (APT). Also, look for tools that support not only the business network but also every business endpoint including laptops and mobile devices.
- Train employees to use safe cyber practices. Train employees to recognize today’s most common social engineering attacks including phishing (email), smishing (text message) and vishing (telephone) attacks. Also, train them to create good passwords that are tough to crack, and advise them not to share their passwords with anyone. Additionally, make sure that employees change their passwords as often as possible.
- Manage the document lifecycle. Many small offices are filled with stacks of old documents that contain sensitive information about employees, customers and business finances. Shred these documents on a regular schedule; better yet, use software that encrypts stored information.
Starting a small business and watching it grow can be one of life’s most rewarding experiences, but the risk of cyber attack may scare many self-starters away from the venture. Fortunately, SMB owners can put cyber security tools and best practices in place to protect what they’ve worked so hard to achieve.