A great moment in the life of business owners is when they sell their company. They are finally rewarded for the risk involved in starting a new enterprise, for thousands of hours of subsequent work as well as countless sleepless nights.
Unfortunately, their success also paints a giant cyber bullseye on their backs. Cybercriminals track transactions and who the sellers are. They are part of an industry that will soon be larger than the sale of all illegal drugs worldwide, combined, has surged seventeen-fold in the last two decades and is projected to double again over the next three years. And, anyone who has just experienced a major liquidity event is now one of their prime targets.
Critical to protecting your hard-earned wealth is understanding (i) your risks, (ii) who the bad guys are, (iii) what they are trying to steal and (iv) the economics of their businesses.
Custodial, brokerage and bank accounts hold most of the assets that an owner receives from the sale of their company. However, many business owners are unaware that the bulk of cyber theft risk associated with these accounts falls squarely on their shoulders.
More specifically, few financial advisers ever disclose that the associated account agreements are breathtakingly one-sided in favor of the custodian/brokerage/bank. One such agreement shields the custodian from any liability unless the theft occurred because of “no fault” of the client. Another makes the client “solely responsible for safeguarding and keeping confidential [their] password and user IDs” and the custodian is “not liable for any loss or damage that occurs via the use” of the client’s password and/or user ID.
Additionally, there is a common misperception regarding bank accounts. Although they are insured up to $250,000 by the FDIC, many online banking agreements contain clauses exempting the bank from liability for cyber theft if the owner is deemed to be at all at fault.
Cybercriminals focus on stealing cash and marketable securities. While these organizations usually have sophisticated cyber defenses, the lax personal cybersecurity habits of many business owners create gaps that can be exploited. Cybercriminals employ complex algorithms to crack weak passwords used for online accounts. They also infiltrate personal email accounts and devices to pose as the account’s owner and direct that assets from it be transferred to a third party. They even use unprotected personal social media videos with AI-software to clone voices that can be used to confirm fraudulent transactions.
Furthermore, cybercriminals can exploit exposed personal information to steal identities without hacking into accounts. Unless business owners diligently guard their cyber privacy, it’s relatively easy for these criminals to steal their identities, as well as those of their children. Stolen identities are regularly used to purloin credit, health insurance and tax refunds.
Cybercriminals generally operate as part of one of two types of enterprises. There are extremely sophisticated cybergangs operating offshore in countries such as China, Russia, Iran and North Korea and many are led by military cyberwarfare and intelligence officers who moonlight as cyberthieves. They typically are large businesses that must steal significant amounts of money just to cover their operating costs. Hence, targeting individual business owners is usually insufficiently lucrative unless the victim is careless (i.e., uses unsophisticated and/or similar passwords, clicks on links in phishing emails and smishing texts, does not engage device and account security and privacy settings, etc.), making them easy to breach.
There also are numerous, smaller cybercrime enterprises located in nearly every country, including the United States. Most are not vertically integrated businesses and those which steal account credentials and identities often lack the necessary infrastructure to use them to steal assets. Instead, they sell information to other criminals for relatively small amounts of money (i.e., ≈$10 to $15 per username and password) on a part of the Internet known as the “Dark Web.”
However, because they get paid so little for what they steal, they generally focus on easy targets. And there are vast numbers of people who operate online with few cyber protections and little commonsense.
More simply, the economics of cybercrime effectively dictate who criminals target. Anyone who makes themselves a hardened target quickly becomes unattractive to pursue.
The good news is that it is relatively uncomplicated to protect yourself and your wealth. It requires a combination of low-cost, widely available technology and multiple simple steps. They are spelled out in a guide that can be downloaded for free from our website.
Of course, notwithstanding even these protections, at some point everyone and everything online will be breached. But such incidents will be less frequent, and the resulting damage likely will be far less.
One million passwords are compromised every week. Forty-two million Americans had some portion of their identity stolen last year at an aggregate cost of $52B. If you have just sold your business and want to hold onto your wealth, the choice is simple: either begin acting rationally online or plan on becoming part of a statistic.
