Small businesses get new reprieve from cyber attacks

Two recent court rulings in the United States about cybercrime may be a game changer for small businesses.

In the past, if hackers got around a small business’s layered security and stole money, then chances were that business would never see a dime of that cash again.

However, two recent court rulings in the United States may be a game changer for small businesses. The Wall Street Journal reported that courts in Boston and Detroit have said banks may bear the burden of cybersecurity if a business’s financial account is hacked.

This, according to the paper, is a break from past logic in which courts assumed that businesses should know enough to keep online accounts safe from hackers.

“Could we have done things better? Yeah,” Mark Patterson, co-owner of Patco Construction Company, said to the WSJ. “But we’re a small business we don’t have an IT professional on staff. We’re not banking specialists, and we don’t know all the threats out there.” Patco had about $600,000 stolen from it after a hacker used a program to record employee keystrokes.

In the case brought before the Detroit judge, the WSJ reported that a phishing scheme enabled a hacker to take more than $560,000 from a custom metals shop in Michigan.

Lawyer Richard Tomlinson said to the WSJ that he thinks the two rulings show that small businesses need the kind of legal protections offered when a person’s account is targeted by hackers.

Hackers increasingly prey on small businesses
About 74 percent of all small and medium-sized businesses were affected by cyber attacks from May 2010 to May 2011, according to the U.S. Federal Communications Commission.

“The truth is there are millions of small businesses that have no clue of the sophistication of the threat that is out to get them,” Brian Krebs, author of a blog about cybercrime and internet security, said to the WSJ. “You’ve got one lady who’s in charge of payroll, and she works nine to five and …God bless her, she’s up against the Russian mob.”

According to the FCC, 42 percent of surveyed small and medium-sized companies lost private or confidential information from May 2010 to May 2011. Of that group, 40 percent of businesses experienced financial hardship as a result. During that period, the average online theft targeting small and medium-sized companies netted more than $188,000, resulting in billions of lost dollars a year.

What do you think about these court rulings? Should the responsibility for protecting bank accounts from hackers be with small businesses or with the banks?

Kate Beckham

Kate has been lighting up the blogosphere for over 5 years, with a keen interest in social media and new malware threats. When not sitting at a café behind her Mac, you’ll usually find her scouring the racks for vintage finds or playing guitar.