A couple of months ago, there was a lot of media coverage about a cyber related attack concerning two small businesses in New Hampshire. We further highlighted some of the impacts that small businesses face when they are impacted directly or indirectly by cyber attacks. What is important to point out in all of these instances continue to show businesses, no matter the size, and even homes need to place an importance on security and ensuring that they are taking steps to improve their security.
Here are three introductory case studies that you can review and learn more about to understand the importance of security and how, sometimes, small businesses are easier to target.
Volunteer Voyages – leads volunteer efforts to developing countries
- Attackers stole $14,000 through fraudulent withdrawals from owner’s business account
- Cyber attack commandeered the debit card owner used to cover the costs of trips overseas in support of business
- Businesses are not protected if their accounts were stolen in a cyber attack
- Bank refused to cover loses; further cost for litigation against bank would cost more than settlement
Wright Hotels – hotel property investment and development
- Hacked email account; impersonated owner and transferred over $1 million to China
- Attacker gained access to business owner’s Outlook calendar and made withdrawals during scheduled meetings so that the owner could not notice any unusual activity.
PATCO Construction – residential construction
- Cyberattack which withdrew over $500K from accounts
- Attackers added a Trojan to the company’s systems and captured online banking credentials; attack also resulted in company having to pay interest on overdraft loans from the bank
- Filed suit against bank – spent $1.2 million in costs for $200K settlement
Ultimately this is something that impacts us all. Businesses are treated differently than individual card holders. The Uniform Commercial Code, requires Banks to offer business customers a “commercially reasonable” security protocol. That should be a good thing right – we should be protected. The UCC says that if the bank follows that protocol, it can refuse to reimburse businesses that are victims of fraudulent money transfers. And in these cases, and more like it, banks are showing that they do provide reasonable security protocols and are therefore not responsible for these type of fraudulent activities.
Take precautions, learn from what has been done before and take an active approach to security in your business.