On the way to work this morning I listened to an interesting NPR piece on cybercrime. What I learned is that if you are a small business, your bank is not responsible for covering losses due to cybercrime. Unlike your credit card company, which will reimburse you for fraudulent transactions, banks are under no obligation to do so.
The small business owners interviewed for this audio news article, some of whom lost millions, recounted their experiences trying to hold their banks accountable. Most were not successful.
One business owner’s email address and password were compromised. Cyber thieves hacked his email account, impersonated him and transferred more than $1 million through U.S. domestic accounts to an account in China. Once his email account was hacked, the thieves had vast and intimate knowledge of his life and business practices.
Among the bank representatives who would go on record with a response, the position is that businesses should abide by the Uniform Commercial Code, which should incent small businesses to take proper security actions within their own organizations. In other words, it’s the responsibility of the small business owner, and not the bank, to protect their financial assets. The bank is only responsible for putting prudent and reasonable measures into place.
The American Bankers Association has these recommendations for small business owners:
- Educate your employees;
- Change passwords often;
- Require two-person approval for fund transfers;
- Dedicate a single computer to be used only for financial transactions.
These recommendations shouldn’t come as a surprise; you’ll find them included in many of the past blog articles we’ve published.
To listen to this NPR newscast in its entirety, go here.
Orion Group Managed Services offers Security Management consulting support and assists our customers in its design and implementation. Contact us today!