While cybercrime is a risk for firms of all sizes, small firms may find themselves particularly vulnerable, according to a white paper issued by First Clearing in May.
In “Getting Serious About Cyber Crime,” First Clearing noted that as transactions are increasingly conducted online, the incentives for criminals to exploit that trend also grows. “Our computers often contain the tools to access client accounts with the click of a mouse, and smaller financial firms make an attractive target for fraudsters hunting an easy mark,” according to the paper.
In January 2012, the FBI teamed with the Internet Crime Complaint Center and the Financial Services Information Sharing and Analysis Center to issue a guide on preventing fraudulent wire transfers. The guide noted that as of December 2011, the attempted fraudulent requests totaled approximately $23 million and actual losses were about $6 million.
Hackers are looking for a quick, easy payout, so it doesn’t matter how big your firm is—if you leave yourself vulnerable to attack, you could be a victim. However, smaller firms are inherently easier to attack, according to the paper.
Employees at financial firms have direct access to client data and assets, according to the paper, and many have tools to initiate transfers on their personal computers. Even if a hacker gains access to only one or two computers, that’s often enough.
Small firms also lack extensive physical security, which the paper noted can be taken as a “’tell’ into the organization’s overall security discipline.”
Without the resources of larger firms, some smaller firms have less complicated technology security. Again, the physical size of a firm is an indicator of a potential target to a hacker, as the size of a network often correlates with the complexity, according to the paper.
Human vulnerabilities, which could endanger firms of any size, could be a problem at smaller firms if they don’t train employees on information security and how to recognize a threat.