While big company data breach events make big headlines – small businesses and their customers are the new targets for data breach and ID Theft.
Small businesses were the most victimized of all companies, where 31% of organizations with fewer than 100 employees experienced a data breach, according to the 2013 Verizon data breach
When a small business experiences a data breach, the small business and its customers may not even know it for months and even years, resulting in far more serious consequences to both the small business and the customer.
There are two risk factors when a small business experiences a data breach event. First, the small business itself could lose business account information such as the Employer Identification Number (EIN), business bank account information and proprietary company information – all of all which can be fraudulently used against the business resulting in financial loss.
Second, employee and customer data such as credit card numbers, checking account numbers, social security numbers, and/or driver’s license numbers can be stolen to commit both financial and non-financial ID Theft.
The primary difference between small business ID Theft and consumer ID Theft is that small businesses DO NOT receive the same consumer protections as individual consumers.
What can a small business do? Every small business – whether your business has 1 employee, 5 employees or 10 or more employees – should complete a data assessment, understand the regulatory environment and implement some basic risk management concepts.
- Data Assessment – Every small business should complete a comprehensive data assessment of the type of information that is being collected, used, stored and transmitted. This will help every small business determine their best practices for an effective information security and governance plan.
- Regulatory Environment – Every small business needs to
understand its responsibility with federal and state notification laws and where it conducts business. You can find the list of the forty-seven states that have notification laws at ncsl.org.
- Risk Management – This concept is typically ignored by small business owners, which is a big mistake. Small businesses can minimize their exposure to ID Theft and data breach events by increasing employee education on safeguarding information, the implementation of baseline safeguards/controls, adding cyber insurance and vigilance including pre-employment screening
Being a small business means you are a big target for ID Theft criminals. Protect yourself; protect your business; and protect your customers.
Mark Pribish is Vice President and ID-theft Practice Leader at Merchants Information Solutions Inc., a national ID-theft and background-screening provider based in Phoenix.