The New Age of Business Crime

The cyber world has changed the way we communicate and work, and it also has changed business crime. Business owners are finding that crime has evolved with technology, exposing their businesses not only to employee theft, embezzlement or burglary, but also to cyber crimes such as electronic funds transfer (EFT) fraud.

Criminals can carry out an illegal EFT a few different ways. One is simply by accessing a company’s bank account directly through a cyber hack. In other cases, a criminal will use secure information like bank account numbers or social security numbers to conduct a fraudulent transfer of funds. A criminal may even sell the secure information to a third-party, who then can perform the illegal EFT.

Today’s cyber crimes pose similar threats as “old fashioned” criminal activities. Thus, protecting electronic information is as important as locking the doors to an office so no one can access physical files.

Without proper protection, criminals can do the electronic equivalent of rifling through a file cabinet to complete fraudulent EFTs with the potential to completely wipe out a company’s finances. Insurance professionals can help business owners understand that a cyber crime like illegal EFTs can be just as devastating as a break-in at their company. No business is exempt from this type of threat.

One of the biggest mistakes a company can make is to assume that only financial institutions are vulnerable to EFT fraud. Any company that engages in online banking is at risk. Many commercial businesses assume banks cover these incidents the same way they would for an individual. However, banks typically don’t provide that protection for business clients, making it even more important for businesses to obtain the proper insurance protection against EFT crimes.

This particular type of cyber crime is an example insurance companies such as Travelers have seen all too frequently. For example, a company’s finance director opened an e-mail with an attached .zip file that contained a virus. The virus obtained the user ID and password to the company’s account with its bank. Immediately thereafter, a fraudulent electronic wire transfer initiated by persons unknown caused $147,000 to be wired from the company’s bank account to an unknown bank account in Arizona. The money was withdrawn before it could be recovered.

The example of the finance director’s unfortunate run-in with an illegal EFT shows just how susceptible a business can be. Because secure information is now digitized, data is immediately accessible. Having unprotected electronic information is the equivalent of a business leaving its doors unlocked. Identifying exposures and implementing best practices is an important component of a smart risk management strategy.

There are steps business owners can take to secure their businesses against these exposures. Determining the right type of insurance coverage is a cornerstone to a business’s successful cyber security system. Adding the following steps to a company’s list of security measures can help ward off EFT fraud:

Educate Employees: Rather than being a source of exposure, employees can be a business’ first line of defense. This starts by informing employees on proper risk management practices. For examples, employees should know to avoid e-mails sent by unknown senders; stay clear of unfamiliar Web sites; use company-approved external devices; keep personal passwords private; and alert IT personnel to unfamiliar pop-ups or files that might contain malware.

Know the Status Quo: The best way to spot unusual activity within a company’s EFT logs is to be familiar with them in the first place. Business owners should check their bank transfer logs daily. Doing so at night can serve as another measure to prevent fraudulent transfers before they are processed the following day. Business owners also can set up limits on the amount of funds that can be transferred and reserve one computer solely for EFTs.