Data Breach Red Flags Every Small Business Owner Should Know
Sign up for our FREE Monthly Email Newsletter
In addition to keeping in the financial know, you may be interested in checking your credit score and report.
¹The credit scores provided under the offers described here use the Equifax Credit Score, which is a proprietary credit model developed by Equifax. The Equifax Credit Score and 3-Bureau scores are each based on the Equifax Credit Score model, but calculated using the information in your Equifax, Experian and TransUnion credit files. The Equifax Credit Score is intended for your own educational use. It is also commercially available to third parties along with numerous other credit scores and models in the marketplace. Please keep in mind third parties are likely to use a different score when evaluating your creditworthiness. Also, third parties will take into consideration items other than your credit score or information found in your credit file, such as your income.
²The Automatic Fraud Alert feature is made available to consumers by Equifax Information Services LLC and fulfilled on its behalf by Equifax Consumer Services LLC.
³Equifax Credit Report Control™ is only available while you have a current subscription to Equifax Complete Premier. Locking your credit file with Equifax Credit Report Control will prevent access to your Equifax credit file by certain third parties, such as credit grantors or other companies and agencies. Credit Report Control will not prevent access to your credit file at any other credit reporting agency, and will not prevent access to your Equifax credit file by companies like Equifax Personal Solutions which provide you with access to your credit report or credit score or monitor your credit file; Federal, state and local government agencies; companies reviewing your application for employment; companies that have a current account or relationship with you, and collection agencies acting on behalf of those whom you owe; for fraud detection and prevention purposes; and companies that wish to make pre-approved offers of credit or insurance to you. To opt out of such pre-approved offers, visit www.optoutprescreen.com/.
4We will require you to provide your payment information when you sign up and we will immediately charge your card $4.95. After that, we will charge the card $19.95 for each month you continue your subscription. You may cancel at any time; however, we do not provide partial month refunds.
Equifax® is a registered trademark and Equifax Complete™ Premier is a trademark of Equifax, Inc. © 2014, Equifax Inc., Atlanta, Georgia. All rights reserved.
As more customer information is stored online, data breaches pose an increased risk to business owners and consumers alike.
A data breach often involves the loss of personally identifiable information. “Think about any information that is unique to you as an individual, or when combined becomes unique,” says Scott Mitic, senior vice president of Equifax Personal Solutions.
For example, information compromised in a data breach can include customers’ and employees’ names, addresses, Social Security numbers, dates of birth or medical insurance information.
A data breach—especially one that includes the loss of personally identifiable information—poses obvious threats to your customers, including the threat of identity theft. According to the “2013 Identity Fraud Report” by Javelin Strategy & Research, which looks at 2012 data, 1 in 4 consumers who received data breach notifications became victims of identity theft.
But it’s not just consumers who are impacted—small retailers also lose out. The Javelin study found that victims are more selective about where they shop after a fraud event, with 15 percent of victims choosing to avoid smaller online merchants.
How do data breaches happen?
According to Mitic, two common ways that companies become data breach victims are through physical access to confidential information and online computer vulnerabilities.
“In general, data breaches are most frequently perpetrated by someone the business owner knows,” Mitic notes. “It can be a vendor, an employee with access to a customer database, or an outsourced IT team who comes in to do desktop support or update software.”
In less common cases, data breaches occur when online hackers are able to gain access to your company database that holds confidential information, such as the personal information of your employees and customers.
“There are vulnerabilities that can be created through a company’s website or interface—where data is being moved electronically,” Mitic says.
What are a few signs that your business has fallen victim to a data breach?
A data breach can be incredibly damaging to your small business. In fact, in a March survey of small business owners conducted by the Ponemon Institute, 70 percent of respondents agreed that the loss of employees’ and customers’ sensitive personal information would do more harm to their businesses than the loss of confidential company data.
As a victim of a data breach, you could lose customers, business partners or employees, so it’s important you catch a data breach early. That way, you can help retain as many of your current customers, business partners and employees as possible.
Mitic says there are some red flags that may indicate your company has been victimized. A few examples include:
Missing inventory. This can include items such as a company laptop, phone or tablet that contains sensitive personal information.
Suspicious phone calls. Scammers may take advantage of social media to target your company. For example, if an employee posts that she is sick on Facebook and a scammer targeting your company sees it, that scammer may call your office pretending to be a friend or family member of that employee.
“I might call you and say that I’m the husband of the employee who is out sick,” explains Mitic.
“I might say that my wife is trying to get access to her email and can’t remember her password, and ask that you give it to me. Through this ‘social engineering’ activity, I now have access to any personal identifying information associated with that email account.”
Strange solicitations. Abnormal emails (such as those which ask you to reset your account password by clicking on the link in the email) and phone calls (people calling asking for remote access to your computer system, for example) are often indicators that you’re being targeted.
Be sure to also monitor your website and computer system for clues. “You should have in place monitoring systems which are able to detect unauthorized access to your computer infrastructure,” Mitic says.
“For online unauthorized data access, it’s incredibly helpful to be able to see these types of attacks when or shortly after they happen. [These monitoring systems] are how many tech-savvy companies learn of data breaches.”
What are some tips for avoiding a data breach?
No matter the size of your business, if you accept credit cards, typically you must be in compliance with the security standards of the Payment Card Industry (PCI). These standards dictate how data is processed and secured after a customer swipes their credit card.
While the regulations specifically outline how businesses should protect credit card data, “these guidelines can be used to protect other data, like birth dates and Social Security numbers,” says Mitic.
Additionally, the Federal Communications Commission offers these 10 cyber security tips for small businesses:
If your company does fall victim to unauthorized data access, check into applicable laws regarding unauthorized data access, including your state’s laws surrounding data breach notification. “Like any illness,” says Mitic, “the prescription will be dictated by the malady.”
Equifax maintains this interactive forum for education and information purposes in order to allow individuals to share their relevant knowledge and opinions with other members and visitors. We encourage you to participate in discussions about personal finance issues and other topics of interest to this community, but please read our commenting guidelines first. Equifax reserves the right to monitor postings to the forum and comments will be published at our discretion. Do you have questions or comments about your Equifax credit report or customer-service issues regarding an Equifax product? If so, please contact Equifax directly. All opinions and information expressed or shared in blog comments are solely those of the person submitting the comments, and don't necessarily represent the views of Equifax or its management.