Many small businesses think they’re not hot targets for cybercrime. After all, their pockets are nowhere near as deep as the Fortune 500. But here’s the kicker. A smaller company often means a smaller budget for IT security systems and personnel. And this translates into serious vulnerabilities as CEO Lloyd Keilson of Lifestyle Forms & Displays Inc. learned the hard way.
In May, Keilson’s 100-person company became the latest victim of cybercrime with $1.2 million stolen online in mere hours. The theft was uncovered shortly after unsuccessfully trying to make a routine online payment and realizing its online banking access was invalid. The IT team suspected a virus and worked quickly to clean up infected machines, but by then it was far too late. Nine transactions later, Keilson had lost $1.2 million.
So this situation raises an interesting question. Who’s liable when it comes to online cybercrime? Naturally Keilson hoped it was the banks. He immediately notified his bank, Signature Bank, who managed to recover $800,000 from two recipient banks in just five days. After some more hard work, he managed to recover $1.04 million of the stolen money, as well as involving the NYPD and FBI.
The remaining funds are still missing. Keilson is trying to determine if the bank is responsible to cover the lost balance due to fraud. Unfortunately, banks are typically not held liable in the case of business theft due to computer breaches on the client’s side, according to George Tubin, senior security strategist for Trusteer Inc. So that might leave Keilson without recourse.
Moving forward, Keilson is taking serious measures to protect his company in the future. He’s implemented a mandatory verbal clearance for all outbound transactions from authorized company executives. And, he’s done something unusual. He’s also invested $13,000 into a $1 million cyber insurance policy to protect against computer fraud and related losses.
When it comes to online security, it seems to be unclear as to who’s at fault. And who will come to your rescue if it happens to you? What do you think? Should banks share the blame for criminal activities that steal your money? Or is up to the individual to prevent cybercrime?