15 Data Security Tips to Protect Your Small Business
Thanks to SmallBusinessComputing.com and Jennifer Schiff for this article!
In August 2010, the Privacy Rights Clearinghouse published its latest Chronology of Data Breaches, which showed that since 2005 more than a half-billion sensitive records have been breached. Of those breached records — which contained such sensitive data as customer credit card or social security numbers — approximately one-fifth came from retailers, merchants and other types of non-financial, non-insurance-related businesses, the majority of which were small to midsized.
An equally scary statistic: approximately 80 percent of small businesses that experience a data breach go bankrupt or suffer severe financial losses within two years of a security breach, according to John Sileo, a professional identity theft consultant and speaker, who knows firsthand about the havoc a security breach can wreak on a small business.
What can a small business owner do to protect her business from a security breach? Small Business Computing spoke with two security and privacy experts and consulted the leading security and privacy sites to find out. The good news: protecting your business from a data security threat is easier than you think. It’s also much cheaper than the physical, financial and emotional cost of repairing one.
Identity Theft’s Latest Victim? Your Business.
Latest Identity Theft Trend is Stealing Your Business’s Identity to Falsify Accounts
In the past two weeks, I have been contacted separately by two local business owners to share how their business identity has been stolen and used to set up accounts with various companies on which thousands of dollars are charged and they (the actual owners) are left to pay the bills. There are no identity theft statistics on this type of crime, but I am certain that it is just coming onto the trend radar. In further proof that this is becoming a major problem for corporations, the Denver Post ran an article this morning titled “Corporate ID Thieves Mining the Store”.
Here’s how this incredibly easy form of business identity theft works:
- A thief scours the internet for your company information (Facebook is usually a good place to start, as is your local Secretary of State’s website). They are particularly interested in bids for government contracts, as they often contain a sample of your letterhead as well as your pertinent business information. If they can obtain the Federal ID# of your business, they have even more ammo to defraud you.
Business Identity Theft Radio Interview, Part II
John recently did a second radio interview on business identity theft for New Construction Strategies hosted by Ted Garrison. The construction industry, like most industries, battles with data theft on a daily basis. Insider theft, cyber crimes, social networking exposure – these are just a few of the areas that businesses need to defend against in the information economy. Listen to the interview to learn more.
“Privacy Means Profit” John Sileo with Ted Garrison
Data breach, identity theft, and corporate espionage can cause huge damage if you don’t stop them upfront because the impact goes right to your bottom line. “We spend thousands of dollars on our computers but we don’t necessarily put the money into protecting the data that is on them,” reports identity theft expert John Sileo. Listen to Sileo explain how this can destroy your company and how to prevent this disaster.
Business Identity Theft Radio Interview, Part I
John recently did a radio interview on business identity theft for New Construction Strategies hosted by Ted Garrison. The construction industry, like most industries, battles with data theft on a daily basis. Insider theft, cyber crimes, social networking exposure – these are just a few of the areas that businesses need to defend against in the information economy. Listen to the interview to learn more.
“DODGING THE HIT FROM IDENTITY THEFT: WHY YOU SHOULD CARE” John Sileo with Ted Garrison
Data breach, identity theft, and corporate espionage can cause huge damage if you don’t stop them upfront because the impact goes right to your bottom line. Listen to John Sileo, author of Stolen Lives, describe the horrors of not protecting yourself as well as what you must do to protect yourself.
FTC Red Flags Rule: Is Your Business Ready?
FTC Red Flags Rule Goes into Effect June 1st, 2010
On June 1st, the FTC will begin enforcing the Red Flags Rule, which states that certain businesses and creditors must help fight identity theft as well as create an identity theft prevention plan. This applies to a very broad class of businesses: those defined as “financial institutions” and those that extend any type of credit to their customers.
In other words, if you don’t receive cash the moment you deliver your product or service to your customer, your business most likely falls under the umbrella of the Red Flags Rule. If you do any billing after the fact (i.e., accounts receivable), you are considered a creditor, and therefore in the group of companies governed by Red Flags.
This includes:
- Any Business that Extends Credit
- All Banks
- Most Brokerage Firms
- Credit Card Companies
- Mortgage Lenders
- Non-traditional lenders (utilities, dealerships, health care providers)
Building an Identity Theft Prevention Plan
According to the FTC, the identity theft prevention plan consists of four main parts:
- Identification: The plan needs to provide a process to identify patterns, activities or transactions (i.e. red flags, hence the name) that appear to be leading to identity theft.
- Detection: The plan needs to specifically call out processes and procedures that will be used to detect the previously defined red flags.
Biometric Identity Theft: Stolen Fingerprints
Identity Theft is a huge and growing problem. According to the recent 2009 Identity Theft Fraud report by Javelin Strategy & Research, victims increased 22% in 2008 to 9.9 million. When businesses are involved, the companies face billions of dollars in theft, millions of dollars in fines and, perhaps most important, the loss of customer trust.
The large impact that identity theft has on individuals’ lives and corporations’ bottom lines has made inexpensive biometrics look attractive for authenticating employees, customers, citizens, students and any other people we want to recognize. The most recent debate is on whether the pros outweigh the cons.
Biometrics uses physical characteristics, such as fingerprints, DNA, or retinal patterns to positively verify individuals. These biological identifiers are electronically converted to a string of ones and zeros and stored on file in the authenticator database.
The downside or weakness of biometrics is that the risk of data breach remains relatively the same. Just as a credit card number can be stolen, the numbers that make up your biometrics and are stored in a database can be stolen. It may take longer for thieves to understand how to use these new pieces of information, but they will eventually be used.
Uncovering Business Identity Theft
While the majority of identity theft schemes prey upon individuals, small businesses and organizations are increasingly becoming targets. Business identity theft is a serious threat, but it mostly flies under the radar simply because companies are embarrassed to discuss it.
Although most companies are protected by copyright, patent and trademark laws, smaller companies lack the higher IT security measures that large companies have. According to recent studies by Javelin Strategy & Research, this makes them 25% more likely than larger businesses to be victims of business identity theft. Not only do small businesses and business owners typically have larger lines of credit open than an individual, but they are unlikely to detect the fraud for six to eight months, making them a prime target.
Business Identity has not been completely defined yet, but it definitely has been stolen. California has become the leader in offering identity rights to organizations and in 2006 they expanded the definition of ‘person’ in identity theft laws to include associations, organizations, partnerships, businesses, trusts, companies, and corporations. These types of amended laws have proved to deter business identity theft and provide greater assistance to those companies that have been hit.