The Agency Insider with Linda McGlasson

A Blind Eye to Cyber Crime?

Small Businesses Think It Won't Happen To Them
A Blind Eye to Cyber Crime?

It's almost like it was written to be a movie script. The victims blindly walk into a huge trap plotted by the villains. The crime? Fraud -- lots of it. In the end, the villains get away with the proceeds, leaving the hapless victims penniless.

Problem is: This crime is not just playing out on the movie screen; it is happening in real life. Recent ACH fraud victims can attest to this fact. Ask Village View Escrow, PATCO construction or Choice Escrow.

Yet, despite these high-profile incidents, the results of a recent survey from the National Cyber Security Alliance say that small businesses are oblivious to the dangers they face from cybercrime. This statement should be a real wake-up call for not just the small businesses, but also the institutions that serve them.

Small business owners polled by Visa and the NCSA say they increasingly believe investments in cybersecurity are not justified by actual online threats, and the majority of cybercrime is focused on attacking large companies.

This attitude is manifested in practice, as 75 percent of owners say their employees have received less than three hours of network and mobile device security training in the past year, with 47 percent saying their employees received zero hours of training.

According to the Visa survey, more than 85 percent of small business owners believe that they are less of a cybercrime target than large companies, and 54 percent believe they are more prepared to secure sensitive customer and corporate data than large businesses. In addition, 84 percent agree that they have the policies and procedures in place for keeping data and computer systems secure.

The findings are surprising in light of growing concern from security experts and law enforcement that hackers and cybercriminals are honing in on small businesses as their new targets. In October, Ukraine authorities arrested a number of individuals who allegedly stole $70 million from U.S. bank accounts in an elaborate scheme targeted at U.S. small and medium-sized businesses.

What can financial institutions do to help raise awareness among their business customers? For a start, institutions of every size need to do much more to reach out and talk to their commercial account holders, educate them about the need for cybersecurity and sound security policies. Think of holding a "security 101" class for your small businesses to help them get up to speed on what they need to do to protect themselves and their customers. Along with creating some goodwill among your small business account holders, you'll be doing double duty in protecting your interests as well. Imagine having to tell the same businesses that their commercial accounts were hit in a corporate account takeover scheme and they're out thousands of dollars, or that their point of sale terminal shows that it has been swapped and a hacker has taken hundreds of their customers' credit card numbers. Doing right by educating your customers is a great start. If you're already doing it, do more.

If you've not got the time or manpower to educate your small businesses, at least point them in the right direction to where they can find the information they need to protect their networks and customer data. Small businesses can find basic help online at Visa Security Sense, or at the Payment Card Industry Security Standards Council's (PCI SSC) small business site.

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.