Unless you’ve been living under a rock, you’re probably well aware of the ongoing epidemic of consumer and business fraud in our global economy. The statistics on consumer fraud are staggering: the 2016 Identity Fraud Study, prepared by Javelin Strategy & Research, stated that $15 billion was stolen from 13.1 million consumers in 2015. What many of us don’t realize is that online business fraud is just as bad - if not worse. The average total organizational cost of a data breach over three years was $7.01 million in the U.S. (2016 Ponemon Cost of Data Breach Study)
Businesses are hemorrhaging money due to online fraud, and not doing much about it. One in ten US respondents to the Global Economic Crime Survey 2016reported that they had never completed a fraud risk assessment. This lack of action can translate into huge losses, as FDIC fraud regulations only cover personal accounts (not business accounts). Consider the case of Mark Patterson, the owner of PATCO Construction in Sanford, Maine. Mark lost upwards of $500,000 to cyberfraud, and he’s not alone. So what can you do to protect your business?
Understand that no business is too small - it can happen to anyone. You might think fraud only happens at huge companies that you see on the news (think Target’s huge data breach in 2013). However, small businesses are much more vulnerable than larger ones. Large companies have the resources to stay on top of security measures, so they’re much harder to target. Cyberthieves are looking for bigger balances in less secure accounts, and small businesses fit the bill.
Safeguard your business accounts. Here are a handful of steps you can take to defend your accounts from an attack:
- Separate your personal accounts from your business accounts. If you’re subject to an attack, you’ll at least have walled off part of your assets.
- Check your business accounts every day for any unauthorized transactions. Contact your bank immediately if you find any.
- Secure your business mail - either through private P.O. box or by dropping off mail directly at the post office.
- Use one dedicated computing device for online banking. Multiple devices increase the risk of cyber attacks.
- Get in touch with your bank and understand what kind of protection they offer from cyber attacks, like fraud alerts or device- and location-based access restrictions.
Implement security measures for all business systems. Keeping up-to-date anti-virus software and firewalls is a lot of extra work, and a place where many businesses become vulnerable to an attack. If you or your employees are unable to keep up, consider outsourcing this task to a security expert that specializes in your field. If your customers make purchases via an e-commerce site, you’ll need to defend it from cyber criminals as well. Take a look at CIO’s list of the 15 Ways to Protect Your E-commerce Site from Hacking and Fraud. Implementing dual-step processes throughout your business processes can help with security as well - having a two-step login process for employees, or dual approval for online transactions, for example.
Protect your business from employee fraud. Cyber fraud can also come from internal sources: your employees. Before hiring any employee, the US Small Business Administration recommends running a background check. Train employees on how to handle financial data carefully and spot threats. Teach employees never to open unknown attachments or links in email - they can quickly give cyber criminals access to your business accounts.
Plan for the worst. Even if you take all the steps mentioned above, your business could still be subject to online fraud. The best way to protect yourself is by purchasing an insurance plan for cyber liability insurance cover (CLIC). Make sure to also have a response plan ready in the event that a breach occurs. Understand the laws in your state regarding notification of customers, and work with all the major stakeholders in your business (both internal and external) to craft a plan.
The concept of online business fraud is pretty terrifying, especially considering the lack of federal protection against it. There’s no foolproof way to stay safe, but taking precautions and purchasing insurance will set you on the right track to protecting your business.