U.S. Small Businesses Targeted by Cybercriminals

Cyber-criminals continuing to develop new ways to ensnare victims. And as cyber-criminals create increasingly clever schemes, they are more frequently targeting small US businesses.

According to an article in the Wall Street Journal (by Robert McMillan), the FBI, it has logged approximately 18,000 reports of business email scam since 2013. This accounts for 2.3 billion in losses. Even more troubling, complaints about these cyber scams have more than tripled last year as compared with 2014. Similarly, the Center for Strategic and International Studies reported that the estimated global cost of cyber-crime was over $400 billion.

Spoofing executives and directing subordinates to transfer money have been a mainstay in the cyber-crime toolbox. However, evolution of cyber-crime as seen a new variation in which criminals hack into company email accounts to change bank account information to capture payments intended for suppliers. So when the buyer sends an order, the cyber criminals step in to intercept the seller’s invoice and change payment instructions before sending it back to the buyer. Funds are then sent to the criminals instead of the seller by way of the fraudulent invoice.

As online attacks grow in volume and sophistication, small businesses must expand its cyber-security efforts. While a full discussion of the steps business owner should take to protect against online scams and cyber-crime, here are a few points for consideration:

  1. An effective cyber-security defense begins with an information security risk assessment. This critical first step may be performed internally or by a qualified consultant. The goal here is to identify and correct vulnerabilities before an attack and to establish a baseline for normal business network and employee behavior.
  2. Building on the first point, the results of a security risk assessment should then be discussed with your employees to correct security gaps created by user error. Invariably, such errors will involve weak or poor password management or a lack of understanding about phishing or other scams designed to trick users into compromising network security.
  3. Developing an incident response plan – before it is needed – can limit the damage and disruption caused by cyber-crime and. Such a program should also encourage a security minded workplace culture. As part of developing an incident response plan, your company should identify subject matter experts, such as computer forensic specialist and attorneys experienced in e-commerce and information security.

These are only a few steps that businesses should consider in fortifying against cyber-crime. As with most things in life, is important to plan for the worst and hope for the best. With this in mind, if have questions about this article, please contact attorney Jason Shinn. Since 2001, Mr. Shinn has represented businesses in investigating and responding to cyber-crimes and workplace misconduct involving computers and the Internet.