Cybercrime and small business: How to address evolving threats

Published on

“Who’d go after a business like mine?”

That’s a common misperception: that cyber thieves only go after big targets, like Equifax, the Pentagon or, yes, Target. Those massive data breaches might convince you that your company can escape notice.

Not true: Cybercriminals go after the firms that haven’t boosted their data defenses — and more than 70 percent of cyber attacks target small businesses, according to the National Cyber Security Alliance.

Your data is more valuable than your money

While cyber thieves still covet your bank account, banks utilize advanced fraud-protection systems to thwart them. So criminals keep developing sophisticated ways to go after your data directly. They use social engineering—playing off an honest person’s trust—to trick you into sending them your hard-earned money or precious data. For example:

Imagine you’re on the road. A member of your HR team gets an email, ostensibly from you: “I’m traveling and need the employee payroll files. Please forward.” HR knows you’re away, so dutifully sends along the files — complete with social security numbers and other private data that will quickly be for sale on the dark web.

Welcome to the brave new world of cyber theft. Today’s hackers are not only IT savvy, they’re also savvy business people. Cybercrime is their full-time job, and their business model is finding new ways to attack yours. Sometimes they penetrate your systems and wait for six months before they strike.

No wonder why 60 percent of small- and mid-sized business fail six months after a data breach, according to the National Cyber Security Alliance. The economic and reputational fallout can even be worse than the breach itself.

Cybersecurity isn’t an IT issue. It’s a business issue. And the cost of prevention is minimal compared to the cost of a recovering from a cyber fraud event.

Every business needs a cyber awareness plan

How can you plan head? Like any security issue, you need levels of mitigation.

At home, your doors may have a bolt lock, a chain and an electronic alarm system — three layers of protection. A burglar will skip your house and go where the back door is unlocked.

The same principle holds true for your business: the more levels of mitigation you prepare, the more likely a cybercriminal will look elsewhere.

Start by forming your own cyber awareness advisory council of key players:

  • Your IT manager, to make sure you have:
    • an off-site, segregated network for your intellectual property and financial information;
    • a systematic process to back up files to that site; and
    • a protocol for changing passwords regularly (keeping them somewhere safer than a desk drawer);
  • Your accountant, who can help review your internal controls and safeguards, especially determining who has—and needs—access to your banking and other important records;
  • Your insurance agent, to provide liability coverage for a breach — not to mention business interruption costs and recovery fees;
  • Your lawyer, to make sure you report the attack according to disclosure laws;
  • Your public relations advisor, who must be ready with an action plan to manage the blow to your business’ reputation; and
  • Your banker, who should know your plan and how it can dovetail with the bank’s own protections.

You’ll also want to ensure your bank offers a positive pay service. It enables them to compare the checks you write against the data in their system. Most banks offer a form of positive pay. If yours doesn’t, that’s a red flag.

The time to bring your team together is now - before an attack

A successful cyber awareness plan requires training, refresher courses, and regular drills to keep employees up-to-speed on the emerging threats. In a data breach, you’ll all have a carefully thought-out and well-practiced plan — getting your business back to normal faster.

The fact is, cyber security isn’t something you delegate. You’re the one in charge — and the one who’ll deal with the backlash from a data breach. The good news is, you don’t have to face the problem alone: With the advisors and resources at hand, you can take steps now to make your business more secure from now on.

Laurance A. (Larry) Selnick, CTP, Director, Treasury and Payment Solutions Sales, at Webster Bank has nearly 40 years of experience in cash management systems and bank operations.

You may also like


Save for college and get financial aid

Financing education is a hot topic, with as many myths as there are facts. Does saving now eliminate eligibility for financial aid later? Are 529 plans a bad idea? Saving shouldn’t be stressful, and the benefits of saving for college can be…


Do you have the six C’s of good credit?

Considering refinancing a loan? Or borrowing money to pay for a big expense? With interest rates still low, and more financial institutions willing to lend, this may be the right time to consider accessing capital.

It’s also a great time to…


Refinancing considerations in the midst of COVID-19

While we all adjust to the challenges of the COVID-19 crisis, these conditions call for rethinking budgets and reviewing plans. At Webster, we’ve been connecting with customers and businesses discussing ways to mitigate the financial disruption the…

General Disclosures

The opinions and views in this blog post are those of the authors, and are not intended to provide specific advice or recommendations for any individual. Please consult professional advisors with regard to your individual situation.