It is a mistake to think of identity thieves as pesky perpetrators waiting to rummage through the trash in search of discarded mail, sliced credit cards or other physical data. White-collar criminals in search of this information often aren’t even located domestically, but rather use online resources to pilfer information from across the globe. They aren’t looking for a simple social security number, either, but rather for personally identifiable information (PII), which includes birth dates, credit card numbers and billing addresses, in addition to social security numbers. The growing underground black market is a high-tech business as widespread as the World Wide Web, and small businesses are frequently an easy target, according to the Association of Certified Fraud Examiners (ACFE), an international organization dedicated to fighting fraud and white-collar crime.
An individual’s social security number will bring a phisher a mere $50, or thereabouts, because the theft of this type of information is quickly noticed. Criminals who procure complete sets of PII, however, can sell this data for more than $200 per customer. The Ponemon Institute research center in Michigan estimates the average cost of a data breach at between $613,000 and $32 million, a number that was not reached through social security numbers alone. In truth, criminals have proven that they know where to go to steal profits, while mom-and-pop shops can often make criminals’ work too easy due to relaxed security and the lack of a plan. However, there are a number of steps that can be taken to help independent retailers avoid becoming victims of online identity theft.
According to a study conducted by communications company Verizon, 74 percent of data breaches are not a result of insiders’ deliberate actions. Most identity theft is a result of hacking and malware. While many small business owners install antivirus software on company computers and laptops, this isn’t always enough to secure valuable information. The ACFE suggests fighting identity theft with encryption technologies such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). With these tools, in the event that information ends up in a place it doesn’t belong, the information is rendered unintelligible and therefore useless. First, determine what company data is most at risk and requires encryption, then estimate the lifetime of this information. Credit card and license numbers, for example, have a lifetime only as long as the time left before the expiration date. Once you know where you stand, it will be easier to choose the most suitable encryption technologies, such as Symantec or TrueCrypt.
Records can be encrypted with the help of hardware or software, either as they are written to disk or before. It is essential to establish procedures and policies to accompany the company’s chosen route, and to determine who will have access to the information and any required keys. Stick to that plan and train only authorized users to operate your technology, making sure that all are in compliance with company policy. Keep in mind that it is essential to re-evaluate your methods regularly. All businesses should take care to update antivirus and anti-spyware tools regularly. Be sure that offices are equipped with a firewall and security patches, as well as a good emergency plan for what to do in the event that a data breach does occur. By staying on top of company information and protocols, the risk of a data breach can be diminished.