It’s a chilling moment when a small-business owner discovers hackers have stolen thousands of dollars from the company checking account.
Cybercriminals took an average $32,000 from small-business accounts, according to a December survey of owners by the advocacy group National Small Business Association. And businesses don’t have the same legal protection from bank account fraud consumers have.
The Electronic Funds Transfer Act, passed in 1978, states that it’s intended to protect individual consumers from bank account theft, but makes no mention of businesses. Whether a business is protected depends on the agreement it signs with a bank, said Doug Johnson, a senior vice president with the American Bankers Association, an industry group. If the business hasn’t complied with any security measures required by the agreement, it could be liable for the stolen money, he said.
Any business is vulnerable, but small companies are less likely to have security departments and procedures to guard against online theft than big corporations do. They also don’t have big revenue streams that are better able to absorb losses from a theft. And even if they get the money back, they still have to spend time and money dealing with the hassles of closing accounts and opening new ones.
Sandy Marsico’s company accounts were attacked — twice. Her bank contacted her in December 2014, saying a transfer of over $50,000 to Mexico had been requested from her checking account.
The thieves had obtained the account information; Marsico, owner of Sandstorm Design, a Chicago-based marketing company, still doesn’t know how. The bank did an investigation but didn’t share its findings with her.
Marsico didn’t approve the transfer, the account was closed and a new one opened. But the following November, someone began withdrawing money from the new account in increments ranging from $1,000 to $4,000, a total of $20,000 in the course of a month. Marsico didn’t discover it until she got her monthly statement.
“My stomach dropped when I wasn’t able to identify these as our charges,” Marsico said.
The bank, which again did an investigation but didn’t tell Marsico the results, again reimbursed Sandstorm. Marsico has since moved some of her accounts to another bank.
Thieves are increasingly using realistic-looking emails to trick companies into transferring money from their accounts with what’s known as wire transfers, said Avivah Litan, a security analyst with the research company Gartner. Often, an employee receives an email purportedly from a company executive asking them to transfer the money from the company’s account into a specific external account. If employees don’t check to be sure the request is legitimate, they might go ahead and authorize a withdrawal.
The first attack on Marsico’s account was a wire transfer attempt but didn’t use an email to her company.
The FBI reported in August that more than 7,000 U.S. companies had been victimized in emailed attacks since late 2013, with losses of more than $740 million. The government said the number of identified victims had surged 270 percent between January and August of last year. Most of the thieves are believed to be in organized crime groups in Eastern Europe, the Middle East and Africa.
Source: Joyce M. Rosenberg, The Associated Press
How Can Axiom Cyber Solutions Help?
Axiom Cyber Solutions is offering a Managed Firewall, Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business. And don’t worry, there are no upfront costs for the device and you can cancel at anytime.
Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call today for your free consultation.(800) 519-5070. #FightBackWithAxiom