In today’s article, Intersections’ Consumer Security Adviser, Neal O’Farrell writes about how cyber criminals and identity thieves target small businesses. Why? Because many small businesses do not have substantial security procedures in place, and they make an attractive target for thieves hoping to steal your personal information.
Last night a neighbor of mine called for some advice on identity theft. He'd just received a call from a mortgage broker he hadn't dealt with in more than two years, who told him that he'd just had a break-in at his office, his computer was stolen, and my neighbor's personal information was on that computer. Along with the personal information of possibly thousands of other victims who had provided their personal information to that broker over the years.
And because the information was about loan and mortgage applications, it included everything a thief would need to commit devastating identity theft against multiple victims. Information like name and spouse's name, Social Security number, address and date of birth, earnings and employer, previous addresses and more.
What bothered my neighbor most, apart from the obvious risk to his identity, was why the broker had held on to so much sensitive information for so long. And why it was sitting unprotected on a personal computer for so long.
I had to explain to him that this practice was very common. Small businesses, whatever their nature, tend to be unfamiliar with security procedures and data protection basics. Chances are, this broker has been hanging on to highly sensitive client information for years, maybe even decades, either in the hope that he could do business with those individuals again in the future, or simply because he was too lazy to properly dispose of that information after he no longer needed it.
While something as simple (and often free) as encryption would have made that personal information completely safe from thieves, few small businesses have yet embraced this simple idea.
I've been saying for years that one of the biggest identity theft threats for consumers are the small businesses they deal with on a daily basis. I don't want to be harsh on small business owners — I've been one for thirty years — but they're running out of excuses. There are few small business owners today who have not heard about cyber crime and identity theft and who are not aware that they have a responsibility to protect their customer and employee information from these threats.
Yet there are also very few small business owners, in my experience, who are actually doing anything about it. The most common excuse I hear from small business owners is that they're just too small for a hacker to bother with. This completely misses the point, because hackers usually work by doing large sweeps or trawls for victims, and are quickly able to identify those businesses that have gaping security holes.
And with identity theft often viewed as the new burglary, small business owners have just as much to fear from local petty criminal as they have from global cyber gangs, because information stolen in burglaries often ends up in the same place.
Which probably explains why the most recent study of data breaches, just published by Verizon's security division, found that out of the 855 data breaches the company's security team investigated last year, more than 600 of them were at small businesses. That tally's with a claim made last year by Visa that approximately 95% of its credit card breaches were at its smallest customers.
If any small business owner is still not convinced that hackers are targeting small businesses, the Verizon report also found that more than 80% of these breaches were as a result of the activity of hackers, and nearly 70% involved the use of malware.
To me there's little doubt that the small business is squarely in the sights of hackers and cyber criminals around the world, and a single security incident at a small business could be its' death knell. As public awareness grows about the danger of doing business with small businesses, worried consumers may take their business elsewhere.
And the inevitable result, if small business owners fail to take heed and responsibility, is that some form of legislation will be introduced to force small business owners to do the right thing.
If you are interested in reading the 2012 Verizon Data Breach Investigations Report, you can download a copy here.
Has your company experienced a data breach? We can help. Call us at 1-888-283-1725, or visit us online, for information and security solutions.
Learn more about identity theft protection.