Why Small Businesses Need to Beware of Payment Card Data Theft



Many recent articles and news stories have centered on data theft practices by hackers that have affected a number of the large box-store chains. Warnings have also been issued to senior citizens by AARP and other organizations on how vulnerable seniors and the elderly can be to scams and data theft by those who choose to prey upon them.

Not a great deal has been said about small businesses in this regard, leading one to believe that it is only the large chain stores and the elderly that are the target of scam artists and hackers. The truth is, a small business is more likely to be targeted than is the typical adult. Something a small business needs to be aware of is the fact that data is not considered to be a tangible asset by insurance companies, and when data is stolen, any and all costs involved may not be covered by a business’s insurance.


Trust vs. Too Much Trust

One reason for this is that small business owners tend to be more trusting. Whether these owners only have a few clients or a few hundred, they tend to build more personal relationships with some of their repeat clients, whereas a box store’s repeat customers are seldom waited on by the same checkout clerk from one time to the next. Unfortunately, not everyone can be trusted, whether the person is a customer or an employee, and it only takes one individual who has less than honorable intentions to walk off with receipts or gain access to files stored in a small business’s PC or database.

It can be much more difficult to prevent data theft if you, as a small business owner, do not have the right procedures in place to do so, and even more difficult if you have no procedures in place at all or have not even considered the need for such procedures.

The Importance of Procedures

Monitoring — The basic procedure required to provide a measure of protection can be summed up in a single word – monitoring. If internal bookkeeping is monitored on a daily basis and checked for discrepancies, many data theft issues can be nipped in the bud. Once a data thief succeeds, business records and accounts appear to be low-hanging fruit.

Securing — Another benefit to be gained by periodically monitoring accounts is that the practice tends to highlight any areas where security measures need to be put in place. Is information being stored in a safe place? Is information too accessible before it is stored away in a safe place? If information is to be transmitted from one location to another, is the link a secure one?

Lack of Trust vs. Paranoia — Know those you regularly do business with. A small business owner who runs a Mom and Pop store is often uncomfortable with the idea of not trusting customers or employees, especially if an employee is a friend or a family member. Not trusting anyone might keep a potential problem from occurring, but such a practice could easily lead to paranoia and an uncomfortable relationship between all parties concerned. If accounts are monitored and the appropriate security measures have been put in place, there is no need to be suspicious of others per se. The practice should rather be one of being on the lookout for suspicious actions of others, such as indicating a desire to look at data when the need to know is not there.

Data Governance — A small business might feel powerless against a cyber-attack since the perpetrator could be a close neighbor, someone in your store, someone standing outside your store with a laptop that has a data sniffing capability, or someone located a continent away. ATMs and in-store card swipes have been frequent targets of data sniffers. It is often the customer and not the store that is hurt, but either way is bad for business. The answer to protecting against cyber-attacks is one of data governance, and involves such things as not using e-mail to transmit sensitive information unless the service is a secure one, not opening e-mail attachments from unknown sources or that appear at all suspicious, changing passwords regularly, and locking computers when away from the office or the business.

Protecting against payment card data theft and other kinds of data theft is not as complicated as it might appear to be. A great deal of protection can be had by taking a few simple procedural steps. If data loss is expected to cause loss of business or major expenses, adding a rider to an existing insurance policy to cover such losses would be something well worth considering.