Waking up one day to find all the money drained from their small business bank account is every entrepreneur's worst nightmare.
While entrepreneurs may think their money is secure in a small business account at their local bank, the truth is, they aren't protected from one of the fastest-growing crimes: cybertheft. Unlike personal bank accounts, by law small businesses accounts are not insured by banks, or the Federal Deposit Insurance Corporation, when money is stolen by cyberthieves.
Marc Kramer, president of the Commercial Deposit Insurance Agency — the first company to offer small businesses cybertheft insurance — said this comes as a shock to most business owners, since many see signs posted all around their bank regarding the money being insured by the FDIC. [Protect Your Website: How to Fight DDoS Attacks]
While the FDIC does protect account holders should there be a bank failure, it doesn't protect small businesses from the repercussions of someone hacking their account and stealing their money, Kramer said.
"No small business bank account is protected against cybertheft," Kramer told BusinessNewsDaily. "If you have a small business and you open a bank account, no matter what the bank is, and your account gets hacked and your money is stolen, the bank has no liability."
With more and more businesses using online banking, the opportunity for cyberattacks is growing exponentially. The amount of money stolen from small business bank accounts in 2011 reached $1 billion, according to the FBI, and it's tripling every year.
"If your computer gets broken into and they get your (bank) username and password and move your money, whether you are a business, nonprofit or trust account, then you can say goodbye to that money," Kramer said.
There are many ways crooks can get their hands into a small business bank account. Beyond hacking into a computer and finding username and password details, crooks can use details from Facebook or LinkedIn pages to help discover passwords. Kramer said cybercriminals can easily scope out those social media pages and use sophisticated software to create different permutations of username and passwords.
Cybercrooks also employ the trick of emailing small business owners while posing as the local bank, asking the entrepreneurs to call an 800 number to verify account information. While the email may look and sound official, it isn't.
"Amazingly, people will verify their username and password for these con men," Kramer said.
Small business owners are also vulnerable when using an open Wi-Fi network, like those at local restaurants or coffee shops. Kramer said nearby hackers are trolling through everyone's computers to see whose they can get into and what information they can download.
Should they get ahold of bank account numbers or online usernames and passwords, the money is quickly stolen. For those who already use online banking, Kramer said thieves can easily move the money to one of their own accounts. For those who don't, thieves can just as quickly set up an online account to start pilfering the money.
"You don't have any recourse with the bank," Kramer said. "People have sued the banks and lost, because the law is clear."
Unfortunately, there are plenty of examples in just the past five years. According to the New York Times, Golden State Bridge, an engineering and construction company based in California, was robbed of more than $125,000 when cybercriminals hacked into its bank account. The thieves got into the account after an office manager had visited a social networking site that infected her computer with malware that the company's anti-virus software did not detect. The hackers then used the office manager's username and password to rout the stolen money to eight other banks across the country.
“People think, 'It'll never happen to me,' but these are incredibly sophisticated criminals, and we're not IT experts,” Ann Talbot, Golden State’s chief financial officer, told the New York Times. "When you work for a big company, you have a full IT staff and you're locked down like Fort Knox. When you work for a small to midsize company, you're not locked down at all."
In 2012, a California escrow firm, Efficient Services Escrow Group, had more than $1 million stolen from its bank account by hackers. According to security blogger and former Washington Post reporter Brian Krebs, the hackers wired money from the company's bank account to accounts in China.
That effectively ended the business, since the California Department of Corporations gave the firm three days to come up with money to replace the stolen funds.
"Three days later, with Efficient no closer to recovering the funds, the state stepped in and shut it down," Krebs wrote.
For small businesses that have their accounts wiped out, it spells almost certain doom. According to Symantec, nearly 70 percent of small businesses go out of business within a year when hackers steal a username and password and pretend to be the owner of the bank account.
"As a small business, you can't afford to lose $10,000, $20,000, $30,000 or $40,000," Kramer said.
Since there is little recourse, Kramer said it is vital to ensure usernames and passwords are heavily guarded and difficult to detect.
He advises business owners to use passwords for all business functions, and especially online banking, that no one could ever figure out.
"I'm using something that no one would ever consider that I would ever use," Kramer said. "It's good to use a combination of letters, symbols and numbers."
And while tricky usernames and passwords can sometimes be difficult to remember, Kramer said the last thing business owners should do is keep a list on their computer.
"(Hackers) are going to go through all of that stuff and they are going to find that information," he said.
To help its customers stay protected, New Jersey's Lakeland Bank provided small businesses owners with several other pieces of advice, including:
- Educate employees: You and your employees are the first line of defense to protect your corporate accounts. Train employees to recognize and avoid suspicious emails and to never share account information.
- Protect your online environment: Encrypt sensitive data and keep updated anti-virus/spyware software on all computers. Never use unprotected Internet connections.
- Partner with your bank to prevent unauthorized transactions: Talk to your banker about programs such as Positive Pay, which provides daily monitoring reports of suspicious check payments drawn on your account, so you can stop any potential losses before they happen.
While proper security is the first line of defense, Kramer said he started his company last year to give small businesses added protection from cybertheft. The Commercial Deposit Insurance Agency provides businesses with up to $50,000 in insurance for less than $200 a year.
"We are strictly insuring your bank account from getting hacked and your money stolen," Kramer said. "Small businesses have to be very vigilant and take all the precautions, and even that's not a guarantee that it's not going to happen to them," Kramer said.
Originally published on BusinessNewsDaily.