Banks and customers share responsibility for cybersecurity: Tips for educating your customers about their risk

John Lande Iowa Banking Law Iowa Cybersecurity Law Dickinson Law Des Moines Iowa

Posted on 12/14/2015 at 10:58 AM by John Lande

According to a report from the New Jersey newspaper the Courier News, the New Jersey Bankers Association (NJBA) is working to help educate small businesses about the threat of cyberattacks. This blog has repeatedly covered the risks shared by banks and small business from cyberattacks. Recognizing the same threats to their members and their members' depositors, the NBJA issued a press release urging small businesses to consider the following in to avoid corporate account takeover:

Educate your employees  You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.

Protect your online environment  It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.

Partner with your bank to prevent unauthorized transactions  Talk to your banker about programs that safeguard you from unauthorized transactions. Services such as call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.

Pay attention to suspicious activity and react quickly  Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.

Understand your responsibilities and liabilities  The account agreement with your bank will detail what commercially reasonable security measures are required in your business. Review these measures because if you don't, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.

(Source: Bob Markin, NJ Bankers offers small biz tips for combating fraud, Courier News, December 10, 2015). The NJBA envisions a collaborative relationship between small businesses and their banks on cybersecurity. Banks should have conversations with their depositors about the threats posed by cyberattacks and, more importantly, that the bank may not be responsible for reimbursing a small business that has been the victim of a cyberattack. There are many things that a small business can do to ensure that they are protected from a cyberattack. For example, businesses can make sure that their computers have been updated with the latest software patches, their employees are using strong passwords, and internet access is limited to approved websites. Before having these conversations with your business clients, however, you should be familiar with your bank's security procedures and incident response plan in the event of a cyberattack against the bank or one of its customers. A bank that is unsure about its preparedness for a cyberattack should consult with its attorney about the bank's legal obligations in the aftermath of a cyberattack. T

he material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.


Questions, Contact us today.

Contact Us


The material, whether written or oral (including videos) that is posted on the various blogs of Dickinson Bradshaw is not intended, nor should it be construed or relied upon, as legal advice. The opinions expressed in the various blog posting are those of the individual author, they may not reflect the opinions of the firm.  Your use of the Dickinson Bradshaw blog postings does NOT create an attorney-client relationship between you and Dickinson, Bradshaw, Fowler & Hagen, P.C. or any of its attorneys.  If specific legal information is needed, please retain and consult with an attorney of your own selection.