You run your business and you do a pretty good job. You manage your finances well, have a bookkeeper, and your business account is filled with the profits of your hard work. Then one day, you get a shocking phone call from your accountant: your money has been cleared out. How did this happen? How are you going to get this money back? Identity theft for a business is handled differently than identity theft for an individual.
Cyberfraud uses your information against you: attackers gain access to your private information by breaking into your email and linked accounts, then use that information to transfer funds out. This can occur in two major ways:
In an NPR report, “When Cyberfraud Hits Businesses, Banks May Not Offer Protection,” Stuart Rolfe, a Seattle businessman, explains how he lost over $1 million when hackers accessed and used multiple sources and cover-ups in their fraud.
“They knew exactly how I had communicated with our bookkeeper,” [Rolfe] says. “They knew exactly what kinds of things that I said” in emails to her authorizing transfers. He made another disturbing discovery: When he looked back at the transfers, he found that when they were authorized he always seemed to be in business meetings.
That’s because the thieves also had access to his Outlook calendar. It meant the cybercrooks could safely impersonate Rolfe and write emails telling his bookkeeper to transfer funds to their bank accounts. The thieves could respond to any questions from Rolfe’s bookkeeper and then delete all those communications from the account before Rolfe returned from his meetings and checked his email again.
When you see a fraudulent charge to your bank, your first reaction might be to call the bank up and ask them to refund it. While this works for individual accounts due to Regulation E of the Electronic Fund Transfer Act, this regulation does not apply to business accounts. As such, when businesses reach out to these banks, they often hear a resounding “no,” and taking them to court over the issue often costs more in legal fees alone than the actual funds that were lost.
The banks are required to provide some protection under the Uniform Commercial Code, offering the business “commercially reasonable” security protocols to be put into place to protect their accounts. However, these measures are easily thwarted by hackers when they have access to your sensitive files. As long as these protocols are followed, regardless of what red flags should be raised due to large account transfers, the banks can refuse to reimburse the company on these fraudulent money transfers.
There are three major steps to protecting your business against these types of cybercrimes. First, make sure to store your account information in a secure location. Have a company email instead of using a third-party provider, and avoid sending passwords and account information via email. Second, use two-step verification for company transfers: require anyone enabled to make account transfers to pass two points of authentication (such as email and phone) before a transfer is made. Third, take out Cyber Insurance for your business, which will cover your losses, as well as provide you resources to further secure your business.
Cyberfraud is a silent and electronic attacker, but can gut your business as easily as a fire. Learn more about the types of risks and coverage by contacting the H&K Insurance Agency. We would love to provide you with a free quote on policies and what type of coverage is right for you.