The massive Epsilon data breach should serve as a warning and wake-up call to small business owners.
While mom-and-pops may not have the clientele of the Targets (TGT) and Wal-Marts (WMT) of the world, they are just as susceptible to having their information stolen. With smaller staffs and less resources, recovering from a security breach can be time consuming and expensive for small business owners.
Eduard Goodman, chief privacy officer at Identity Theft 911, said unlike major corporations, small business owners often do not realize they are at risk for a major breach. He also said many owners are unprepared with the proper protocols to handle the aftermath.
"Small business owners don't have an IT infrastructure, it's usually a glorified home network," Goodman said. "They also don't have someone dedicated full time to looking at the risk, and making sure the proper patches are in place. Using cheaper, off-the-shelf solutions are just not as robust in a business setting."
Small business owners are often focused on more tangible risks, like disasters or robberies, Goodman said, overlooking the risk that can be right in their building. The first way to protect your business is by establishing some guidelines as to who can access what information, he said.
"In a small business, people wear multiple hats. But it may not be reasonable to have your receptionist access all of the major data, like accounting, payroll, client or patient information," he said. "Small businesses worry about acts of God, or their building burning down, but they don't think about acts of hacker or a bad move by an employee."
The cost of a data breach for a small company can be $200 and up, per lost record, on the higher end of the price spectrum, according to Goodman. Oftentimes, small businesses need to send a letter to every person whose information was compromised, which includes having a lawyer look at it first, which can cost between $500 and $1,000. Send the letter out can cost between $1 and $2 per letter. If customers’ Social Security numbers are exposed, the cost is even higher: credit monitoring has to be offered, which can cost between $50,000 and $100,000 per person, but typically between 5% and 40% actually take the bait, he said.
And even after all of that, your reputation may still never be repaired.
So much time goes into establishing a loyal clientele, Goodman said, and that trust can be broken within seconds.
Small business owners can mitigate this risk upfront, before getting into hot water with hackers. Here are Goodman's tips for protecting your business:
No. 1: Steer clear of WiFi. "It's not inherently secure," according to Goodman. "If large corporations can't secure them properly, small businesses can't use it." If you do choose to use WiFi, make sure your using the most up-to-date security protections, and don't access company files from WiFi hotspots, they may not be protected.
No. 2: Keep your software updated. This goes for antivirus, malware and spyware, Goodman said. While keeping everything up to date may be an added cost, it's worth it. "The new versions are better secured from a network connection," he said.
No. 3: Only take the information you need. If you run a local deli, for example, there is no need to ask customers for their Social Security number, Goodman said. That just puts your business at greater risk and is an extra burden on your own security as an owner.
No. 4: Encrypt, encrypt, encrypt. If you need sensitive information from your customers, make sure you are encrypting the data. This may sound high tech, which is why many small business owners shy away from doing it, but Goodman says it can easily be done by choosing the "password encrypt" option on programs like Excel and Microsoft Word. "This is so important because it stops other people from accessing your information. It can keep you, and these people, from experiencing fraud."