Business Owners and Individuals have no idea of what it will take to fix a Data Breach.
Identity Theft and Business
14 years ago, we heard of identity theft as thieves taking mail. Just a few years later, identity theft has become an underground industry, from low-tech theft to high-tech credit payment systems and a wide variety of other identity theft schemes.
The revenues from stealing data have surpassed the revenues from drug trafficking. We can be careful with our information, but our data is stored in so many places that our actions no longer dictate our identity theft risk.
The identity theft epidemic is tracked by a couple of organizations, the Federal Trade Commission, or FTC, which ranks identity theft as its number one complaint, and the Privacy Right Clearinghouse, which, among other things, tracks data breaches from businesses and government organizations. Just 4 years ago, this list was printed out in a few pages; now, it’s over 100 pages just listing the number of organizations that have had data breaches via hacking, insider theft, stolen laptops, and the list goes on.
There are 3 primary considerations for the business owner: their identity, their employee’s identity, and their customer data.
- Their identity is at risk – I sometimes ask the owner of a business if they have an extra 165 hours of free time Monday thru Friday from 8 to 5 EST, the average time spent by people whose identity has been stolen. Not only is time a factor, but often with small businesses, the business credit is directly related to the business owner’s credit.
- Their employee’s identity is at risk – Again, small businesses cannot afford to have distracted employees or employees taking days off to repair their identity theft issues. Often the business stores personal information on their employees, things like employment applications, payroll data, healthcare data, etc. This information needs to be secured.
- Customer data can range from credit card data to detailed personal information. First, what information do they have? Everything from name and address to social security numbers, driver’s licenses, account information, credit information, and date of birth can be helpful to a criminal. This customer information is now regulated by different State and Federal laws and regulations. While the details and specifics vary for each business, mainly if you lose it, you bought it. Research on the direct costs from the Ponemon Institute in October 2006 found that information losses cost U.S. companies an average of $182 per compromised record. According to another expert, the loss or theft of just one laptop can cost a company as much as $90,000 or more in fines, credit monitoring for victims, public relations damage control, and class action litigation.
It is essential to remember while statistics vary, the outcome for a business that has a data loss includes the tangible and the intangible. Michael Freidenberg wrote in The Coming Pandemic, CIO Magazine:
“If you experience a security breach, 20 percent of your affected customer base will no longer do business with you, 40 percent will consider ending the relationship, and 5 percent will be hiring lawyers!”
While I don’t believe in whining about today’s economy, it’s essential to keep our customers while we look to expand our client base. All businesses must look at what data they maintain on their customers and employees and protect it vigorously.
BAA-Solutions offers a variety of Products and Services to help protect your business.
https://www.ftc.gov/system/files/documents/public_comments/2017/10/00004-141444.pdf