It's almost like it was written to be a movie script. The victims blindly walk into a huge trap plotted by the villains. The crime? Fraud -- lots of it. In the end, the villains get away with the proceeds, leaving the hapless victims penniless.
Problem is: This crime is not just playing out on the movie screen; it is happening in real life. Recent ACH fraud victims can attest to this fact. Ask Village View Escrow, PATCO construction or Choice Escrow.
"Doing right by educating your customers is a great start. If you're already doing it, do more."
Yet, despite these high-profile incidents, the results of a recent survey from the National Cyber Security Alliance say that small businesses are oblivious to the dangers they face from cybercrime. This statement should be a real wake-up call for not just the small businesses, but also the institutions that serve them.
Small business owners polled by Visa and the NCSA say they increasingly believe investments in cybersecurity are not justified by actual online threats, and the majority of cybercrime is focused on attacking large companies.
This attitude is manifested in practice, as 75 percent of owners say their employees have received less than three hours of network and mobile device security training in the past year, with 47 percent saying their employees received zero hours of training.
According to the Visa survey, more than 85 percent of small business owners believe that they are less of a cybercrime target than large companies, and 54 percent believe they are more prepared to secure sensitive customer and corporate data than large businesses. In addition, 84 percent agree that they have the policies and procedures in place for keeping data and computer systems secure.
The findings are surprising in light of growing concern from security experts and law enforcement that hackers and cybercriminals are honing in on small businesses as their new targets. In October, Ukraine authorities arrested a number of individuals who allegedly stole $70 million from U.S. bank accounts in an elaborate scheme targeted at U.S. small and medium-sized businesses.
What can financial institutions do to help raise awareness among their business customers? For a start, institutions of every size need to do much more to reach out and talk to their commercial account holders, educate them about the need for cybersecurity and sound security policies. Think of holding a "security 101" class for your small businesses to help them get up to speed on what they need to do to protect themselves and their customers. Along with creating some goodwill among your small business account holders, you'll be doing double duty in protecting your interests as well. Imagine having to tell the same businesses that their commercial accounts were hit in a corporate account takeover scheme and they're out thousands of dollars, or that their point of sale terminal shows that it has been swapped and a hacker has taken hundreds of their customers' credit card numbers. Doing right by educating your customers is a great start. If you're already doing it, do more.