Small and medium-sized businesses (SMBs) are under attack.
There are over 25 million SMBs in the United States – each with a business plan and a dream to turn an innovation, service, or hobby into a lasting monument to resourcefulness, perseverance and hard work.
For SMBs, growth (and indeed, existence alone) brings risks, and nothing can be more devastating and confusing than stealthily losing hundreds of thousands of dollars to fraud schemes that exploit relationships that they normally trust – their banking relationships. The breakdown in trust is hugely damaging for both parties, and often results in costly lawsuits.
Businesses may believe that fraud can’t or won’t happen within their organization, but we all know that fraud is an equal opportunity crime. Creative fraud schemes, a lack of fraud awareness, limited security resources, and downright denial have conspired to give rise to SMB losses that are reaching epidemic proportions.
Precisely tabulating losses is extremely difficult, but recent data shows that more than half of small businesses have suffered a data breach – and nearly a third of all cyber attacks in 2012 were aimed at small businesses. While some reports suggest that both the number of incidents and the loss per incident is down, the reality is that fundamentals have not changed: fraudsters are creative, fraud is an industry, small businesses have limited resources, and denial is rampant.
For banks, the rise of cybercrime on small businesses presents a new opportunity – not to drive new revenue, but to reinforce the reason why small business choose banks in the first place: trust. In fact, by not effectively addressing SMBs’ security concerns, banks risk shaking the foundations of their customer relationships.
Security experts have long focused on promoting smarter banking strategies and building powerful tools to fend off cybercriminals. Both small businesses and their banks invest a lot of time and money to ensure the security of sensitive information, yet the cyber-assault on SMBs continues.
The primary issue is that technologies and policies put forth by banks are not always practical on a small business level. Many common security strategies – such as consistently patching vulnerabilities, ensuring antivirus programs are up-to-date, limiting banking activities to certain devices – are practical for most large corporations, but can be problematic for small businesses. With small business owners often already stretched too thin, the time and commitment required to maintain security falls off the radar.
Additionally, many small businesses don’t fully realize the security risks they face, or fail take the threat seriously – even though evidence that SMBs are likely to be targeted by cybercriminals piles up.
But this reality doesn’t excuse banks from providing optimal security – in fact, with banks’ reputations and customer relationships highly at stake, banks need to be leaders for small businesses in protecting sensitive information, go above and beyond what is required, and act as a true security partner.
The Security To-Do List for Banks
The industry can’t force every single small business to dedicate time, resources, and focus to security – so it’s up to banks to ensure that normal, everyday payment behaviors are secured. Banks can strengthen the security standing of their small business customers’ payments by embedding secure protocols into the services they offer, and by educating SMBs on the must-implement security practices, including:
• Two-factor authentication, which requires two forms of identification – often a physical token and digital code – to complete a transaction.
• Transaction verification, which ensures that the content of the transaction is accurate.
• Transaction monitoring, which continually monitors transaction activity, and sends alerts when something is amiss.
• Segregation of duties, which adds a layer of security by requiring at least two people to approve and process a transaction.
• Multi-stage approvals for large payments, which places an additional degree of control and security in the hands of the business making the payment.
More importantly, banks need build secure solutions that simple, seamless, and packaged in a way that they can easily be adopted, to ensure that more customers are using the most secure tools possible. Additionally, banks should build these protocols an inherent feature of their payments and online banking services – not offer them as value-adds. The value for banks stems from the competitive advantages and increased customer loyalty gained by becoming a better security partner.
Implementing the Security To-Do list can be a challenge for banks – especially when their customers are SMBs. Security procedures are often seen as detracting from a friendly user experience, and banks are loathe to do anything that impacts usability.
But, it is only a matter of time before security becomes the selling point, and customers become aware of why they do business with their banking partners – trust, after all, is important.
Don’t Put Trust At Risk
The relationships between small businesses and security, banks and small businesses, and security and banks are complex. Banks rarely come up short when managing security for consumers and large corporations; investing in small business security, though, is an often challenging and uneasy task. But with their most valuable assets – trust, customer service, and reputation – on the line, banks need to transform the security risks and solutions for small businesses in order to deliver a more secure and practical payments experience for SMBs.
The cyber-attacks that small businesses face are a threat to banks, as well – to their reputations and their customers relationships. It’s imperative that banks overcome the disconnect that frequently occurs between them and small business customers, and establish a security-focused dialogue that ensures that customers’ trust in their banks is not broken.
B.C. Krishna is the CEO of MineralTree, which provides small business payments solutions to banks.