Free Enterprise - The FindLaw Small Business Law Blog

Cybercrime Wave Targets Small Business

With increasing sophistication of cyber tools for online innovation comes slicker cybercrime.  A multimillion dollar virtual crime wave targeting small and mid-size companies has been reported by NACHA-The Electronics Payment Association--a task force representing over 15,000 institutions in the financial industry.

NACHA reports that cyberbullies have been swiping small business usernames and passwords associated with corporate accounts at banks using malware and tools that record keystrokes.  The gangs organizing the bulk of the million-dollar criminal mischief appear to be from Eastern Europe.  They have been siphoning off U.S. small business funds and sending the funds overseas using money transfer services.

The cybercrime has focused on small business because of the relative lack of reinforced user authentication and absence of "red flag" reporting that is a norm of the sector. 

How can your business protect itself?

  • Invest in strong two-factor authentication, making it harder for an unauthorized user to access a company's financial account.
  • Set up alerts that will inform you when there is suspicious or unusual activity on your company's bank account.
  • Protect your company systems against the Clampi Trojan virus, which is designed to infect not only a single machine but also every other machine on the domain using a Window's tool.
  • Be wary of phishing sites that look just like your financial institution's login page.  These dummy pages are set up to make you think you are logging into your financial institution's site but they actually just capture your username and password for the cyber criminals to use to hack into your company's bank account.
  • Be reluctant to open attachments.  The scammers have been sending targeted email with virus-infected attachments that, once opened, will install software on your machine that will unsuspectingly capture your usernames and passwords.

What does the law say?

Consumers enjoy stringent legal protection in online banking transactions, generally having up to 60 days after receiving a monthly statement to dispute unauthorized charges.  That is not the case for small businesses.  In fact, the law governing business transactions---known as the Uniform Commercial Code (UCC)--gives just days for businesses to identify and dispute fishy activity. 

Related Resources: