When we hear about possible identity theft and data breaches in the news, they almost always involve a large corporation. Remember when the PlayStation network got hacked back in April of 2011? That incident put 77 million people’s credit card info at risk. Scary, right?
With your bank account or business credit card information, cyber criminals can make fraudulent money transfers or counterfeit cards. You might them to go after large accounts more frequently, since there’s more money and sensitive data to be had, but they’re especially interested in small business accounts, which are statistically easier to access.
According to Dell SecureWorks (a security arm of the PC company), cyber crooks are stealing as much as $1 billion a year from small and midsize company accounts in the U.S. and Europe. As of September 2011, the FBI’s cyber crime division is currently investigating 400 reported cases of corporate account takeovers, resulting in the attempted theft of $255 million and an estimated actual loss of $85 million. That’s certainly nothing to sneeze at.
Businesses Face Greater Identity Theft Risks
Businesses should take many of the same precautions as individuals when it comes to protecting their identity and account information.
However, as the Better Business Bureau rightfully points out, businesses face a number of their own special challenges when it comes to online security. Most have to do with the higher level of traffic on business servers. Businesses are more likely to use networked computers and have “always on” high speed internet access.
Further, while personal computers might have several users, business computers often have hundreds.
Another major issue is varying fraud protection standards. When identity theft happens, many people rightfully expect their banks to help them out. Your individual bank account is covered by fraud insurance, but your commercial account might not be. If that’s the case, you’re going to have to foot the bill when there’s a breach.
Online Security Pitfalls
Most people agree we need better security measures in place for online banking, but you can’t always blame the security system. If the person with access is compromised, all bets are off.
According to Gordon M. Snow, assistant director of the FBI’s cybercrime division, cyber criminals frequently access online financial and market systems through the compromise of a legitimate user’s account credentials. From here, they can withdraw and transfer funds by masquerading as a legitimate user.
To make their actions even harder to trace, the funds are usually transferred overseas. Despite increased efforts to combat cyber crime, the FBI and the U.S. Secret Service have an especially hard time tracking cybercriminals for this very reason. They have a much better chance of busting the middlemen than catching the original perpetrator.
How to Guard Your Small Business from Identity Theft
If you’re a small business owner, one of the smartest moves you can make is to beef up your online security systems. Cybercriminals look for easy targets; they’re less likely (and less able) to mess with you when you have good safeguards in place.
It is just as important to educate your employees on cyber security. Sure, an employee might create a data breach on purpose, but the vast majority of breaches are caused by carelessness or just plain ignorance. It’s up to you to give your employees all the tools they need to keep transactions secure.
Here are a few things you should be doing to protect your online security, if you’re not already:
- Secure your equipment. If you have a server, keep it in a safe, controlled location, and only give access to people who absolutely need it. Back up all your data on a regular basis.
- Password-protect everything. Each employee should have a separate and encrypted password for any kind of internet or network access, if possible. The most secure passwords combine letters, numbers and symbols. When an employee leaves the company, disable their account immediately, even if they left under good terms.
- Ensure anti-virus protection software is comprehensive and up-to-date. Most software has an “auto update” feature to make this process easier. Ensure each computer has a firewall (this is gatekeeping hardware or software that blocks unauthorized users from your network). Many firewalls also allow you to monitor logging data for unusual or suspicious activity. Do so regularly.
- Install software security patches. Most software vendors regularly update their products to make them safer. A “patch” corrects a bugs that impact security. Most vendors will prompt you for updates automatically.
- Talk to your bank about their online security system. We love small banks, but some are better than others when it comes to internet security. Let them know your concerns and make sure they have a modern system in place. If you have a business account, find out if it has fraud protection.
- Be aware of your credit and debit card protections. While rewards credit cards often offer very good fraud protections, debit cards are less lenient.
- Educate employees about responsible internet use. Let them know they should be cautious about e-mails from unknown sources and file sharing. Have a list of actions they should take if their computer becomes infected with a virus.
To learn more about online security for your business, check out the Federal Trade Commission guide to protecting personal information.
Read More: Online security for your small business
Tim Chen is the CEO of NerdWallet, a credit card comparison side dedicated to bringing you the most consumer-friendly small business credit cards.
