Smaller Businesses Have Become Bigger Targets for Digital Criminals
We’ve never seen anything like it. In 2013 alone, hackers and fraudsters have made more attempts to compromise our clients’ data security than they did in the previous ten years combined. The primary targets seem to fall into two categories: businesses that handle large sums of money (investment advisors, accounting firms, payroll companies) and those with revenues between $10 million and $50 million. We suspect thieves choose these small and midsize businesses because they’re big enough to be profitable targets, but small enough to lack enterprise-scale security.
Digital risk management needs to be a top priority for your business even if it isn’t in one of these higher-risk categories. Banks are shifting part of the liability for fraud from themselves to their customers, and insurance companies are denying coverage to applicants who aren’t proactive enough about protecting themselves, so start laying the groundwork today:
- Supplement the technology you use to block technical attacks, like mobile device encryption, with procedural defenses to protect against sophisticated social attacks.
- Ask your bank and/or auditor about best practices to protect your electronic financial transactions — for example, requiring two confirmations for transfers over a certain dollar amount, or using a dedicated banking PC with Internet access restricted to your bank’s website.
- Consider having your business formally audited so you can use the audit to prove your adherence to best practices to insurance carriers, business partners, and regulatory agencies.
- Work with an attorney to develop a response to fraud and data breaches before you need it.
Tom Snyder, COO, Xantrion IT Consulting