The threat of identity theft is very real for consumers and businesses alike, but owners of small businesses may not realize the danger they face of having their personal identities compromised through their business. According to the U.S. Small Business Administration, the small business represents more than 99 percent of all U.S. businesses, and of the estimated 27 million small businesses, more than 21 million are sole proprietors, making them ideal candidates for identity theft.
Many of these business owners have very fragile firewalls between their personal and business finances, which in turn can make them exceptionally vulnerable to identity theft. These small companies are also becoming more digital, but without the necessary security expertise they often expose themselves to serious vulnerabilities. For that reason, hackers now have small businesses in their cross-hairs. Visa estimates about 95 percent of the credit card data breaches it discovers impact the smallest businesses.
Tips for prevention and Detection from the ITC:
Write a security plan. Security starts with a plan. A plan can be as simple as the security rules, guidelines, and goals for your business, and the consequences for ignoring them. A plan is also an easy way to help you remember your security priorities.
Do an inventory of your data. Data is what the thieves want, whether its customer account or credit card data, employee Social Security numbers, or even databases of target customers. If you don't know what data you have in your business, or where it is, then you can't effectively protect it.
Train your employees. Enlist every employee, family member, partner, and contractor as a vigilant sentry so that every stakeholder understands how to protect their corner of cyberspace. Most thieves will target the weakest link, and that's usually a careless or untrained employee.
Guard your business accounts well. As a business owner you don't enjoy the benefits of zero liability, so if your account is emptied by crooks, the bank won't bail you out.
Restrict employee and insider access to data. For everyone's safety employees should only have access to the data they need to do their job. And that access should also be monitored.
Be especially wary of banking Trojans. These highly sophisticated programs can easily creep on to your computers, steal banks logins and passwords, and quickly empty your bank accounts.
Monitor your bank accounts and credit cards constantly. These can often provide the earliest warning that thieves have obtained your account information and have started to use it. Most financial institutions provide free instant alerts to warn you about any unusual account activity.
Be wary of business identity theft, too. Business identity theft is a growing problem, and it involves criminals using publicly available information about your company to pretend to be the legitimate owners of your business so they can take out substantial loans and leave you to clean up the mess. An easy precaution is to regularly Google your business name for any clones.
Use the available technologies. As a small business owner you have many choices when it comes to protecting your employees, your computers, and your data from cyber thieves. And some of the best tools are free. So make sure every computer in your business is locked down with layers of security technology.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.