As more customer information is stored online, data breaches pose an increased risk to business owners and consumers alike.
A data breach often involves the loss of personally identifiable information. “Think about any information that is unique to you as an individual, or when combined becomes unique,” says Scott Mitic, senior vice president of Equifax Personal Solutions.
For example, information compromised in a data breach can include customers’ and employees’ names, addresses, Social Security numbers, dates of birth or medical insurance information.
A data breach—especially one that includes the loss of personally identifiable information—poses obvious threats to your customers, including the threat of identity theft. According to the “2013 Identity Fraud Report” by Javelin Strategy & Research, which looks at 2012 data, 1 in 4 consumers who received data breach notifications became victims of identity theft.
But it’s not just consumers who are impacted—small retailers also lose out. The Javelin study found that victims are more selective about where they shop after a fraud event, with 15 percent of victims choosing to avoid smaller online merchants.
How do data breaches happen?
According to Mitic, two common ways that companies become data breach victims are through physical access to confidential information and online computer vulnerabilities.
“In general, data breaches are most frequently perpetrated by someone the business owner knows,” Mitic notes. “It can be a vendor, an employee with access to a customer database, or an outsourced IT team who comes in to do desktop support or update software.”
In less common cases, data breaches occur when online hackers gain access to a company database holding confidential information, such as the personal information of your employees and customers.
“There are vulnerabilities that can be created through a company’s website or interface—where data is being moved electronically,” Mitic says.
What are a few signs that your business has fallen victim to a data breach?
A data breach can be incredibly damaging to your small business. In fact, in a March survey of small business owners conducted by the Ponemon Institute, 70 percent of respondents agreed that the loss of employees’ and customers’ sensitive personal information would do more harm to their businesses than the loss of confidential company data.
As a victim of a data breach, you could lose customers, business partners or employees, so it’s important you catch a data breach early. That way, you can help retain as many of your current customers, business partners and employees as possible.
Mitic says there are some red flags that may indicate your company has been victimized. A few examples include:
Missing inventory. This can include items such as a company laptop, phone or tablet that contains sensitive personal information.
Suspicious phone calls. Scammers may take advantage of social media to target your company. For example, if an employee posts that she is sick on Facebook and a scammer targeting your company sees it, that scammer may call your office pretending to be a friend or family member of that employee.
“I might call you and say that I’m the husband of the employee who is out sick,” explains Mitic.
“I might say that my wife is trying to get access to her email and can’t remember her password, and ask that you give it to me. Through this ‘social engineering’ activity, I now have access to any personal identifying information associated with that email account.”
Strange solicitations. Abnormal emails (such as those that ask you to reset your account password by clicking a link in the email) and phone calls (for example, people calling to ask for remote access to your computer system) are often indicators that you’re being targeted.
Be sure to also monitor your website and computer system for clues. “You should have in place monitoring systems which are able to detect unauthorized access to your computer infrastructure,” Mitic says.
“For online unauthorized data access, it’s incredibly helpful to be able to see these types of attacks when or shortly after they happen. [These monitoring systems] are how many tech-savvy companies learn of data breaches.”
What are some tips for avoiding a data breach?
No matter the size of your business, if you accept credit cards, typically you must be in compliance with the security standards of the Payment Card Industry (PCI). These standards dictate how data is processed and secured after a customer swipes their credit card.
While the regulations specifically outline how businesses should protect credit card data, “these guidelines can be used to protect other data, like birth dates and Social Security numbers,” says Mitic.
Additionally, the Federal Communications Commission offers these 10 cyber security tips for small businesses:
If your company does fall victim to unauthorized data access, check into applicable laws regarding unauthorized data access, including your state’s laws surrounding data breach notification. “Like any illness,” says Mitic, “the prescription will be dictated by the malady.”