Identity theft and security basics for businesses

Incidents involving cybersecurity are hard to accurately track by their nature - hackers and digital fraud organizations don't tend to be very transparent regarding their business activities. Legitimate enterprises and governments, however, routinely release such information, and therefore have made it clear that cybersecurity initiatives are among the top funding priorities for companies in every industry.

Based on what we do know, small-business owners and entrepreneurs are probably underestimating their risk of falling prey to these digital threats. As with any other external risk, simply assuming your business is safe from online theft or fraud is equivalent to painting a bullseye for criminals. Fortunately, simply taking account of the basic steps to securing your business from cybercrime is often inexpensive and effective.

What's the risk?

While some might still associate the word "cybercrime" with science fiction movies, it has become among the biggest sources of financial risk to just about anyone engaged in the modern global economy. According to a study from the Ponemon Institute and cited by Hewlett-Packard, the price tag of a digital attack for the average business was approximately $9.5 million in 2016. This has increased by double-digit percentages for the last several years.

"Sixty percent of small businesses suffering a cyber attack closed down within six months as a result."

With numbers like that, it's no surprise that the typical small business stands to lose more from a hacked bank account or fraudulent transaction. A study by the National Institute of Standards and Technology found that 60 percent of small businesses suffering a cyber attack closed down within six months as a result.

"For some small businesses, the security of their information, systems, and networks might not be their highest priority," the NIST study explained. "However, an information security or cybersecurity incident can be detrimental to their business, customers, employees, business partners, and potentially their community."

As the NIST and other researchers have found, one of the biggest predictors of a digital security breach within an organization has nothing to do with computers, phones or locked doors. Rather, businesses and individuals create a tempting mark for criminals by simply being unaware that they even are a target. A 2014 survey from the National Small Business Administration estimated nearly 1 in 4 small-business owners had "little to no understanding of the issue whatsoever." At the same time, the NSBA found nearly half of respondents had ever been a victim of a cybercrime.

There's no question that small businesses or even freelancers stand to lose so much should their data or systems fall into the wrong hands. But they are also in a difficult position to take the necessary steps due to budget constraints or plain confusion. Luckily, many of the steps taken by businesses of all sizes to prevent cybercrime are the same basic tips everyone should follow when using the internet.

Strong passwords

First and foremost in this strategy, an ounce of prevention is needed. No matter if it's for a business or personal use, online passwords need to be strong and unique.

  • Ideally, every password you use should be different, and each should contain a mixture of letters, numbers and symbols.
  • Never use a word you would find in the dictionary as a password. Don't use other bits of information, like your birthday or pet's name either.
  • Keeping track of all your passwords is easier with a password manager program. Or you could simply write your passwords down and keep them in a secure location. Failing that, just be sure to use a different password for every email account, bank account or credit card. This should at least keep your financial and personal information secure.

Two-factor authentication

A strong password alone can deter most digital thieves, but not all of them. Most email services and financial institutions allow users to enable two-factor authentication, which requires both a password and a second code sent to another device, to gain access. Usually, after entering the correct password, the service will send a text message to your phone with a second unique code. This prevents someone from gaining access even if they happen to know or guess your password, but only as long as the second device isn't compromised, too.

PasswordNever use a word you would find in the dictionary as a password. Don't use other bits of information, like your birthday or pet's name either.

Check bills and statements

In just the last few years, billions of people around the world have had some form of personal information leaked through numerous security breaches at popular online services. These attacks have been so widespread that there's a good chance just about every internet user has had some of their information leaked to unscrupulous entities. 

Even so, there's little reason to suspect that your bank account could be drained any day now. Still, the nature of these incidents makes it important to keep tabs on your digital finances. Take a moment to check credit card and bank statements each month, keeping an eye out for unfamiliar transactions. Most banks and card services have systems in place to catch this fraud automatically, but it never hurts to take another look.

If you do notice fraudulent charges on a statement, call customer support promptly. Your credit account may be frozen or canceled to prevent more fraud, which could cause some disruption in bill payments.

Staying safe

Finally, be sure to follow some general tips for safe online browsing, no matter what you're doing.

  • Be wary of emails, or even phone calls and direct mail, that ask you to reveal some piece of personal information, like your password, Social Security number or birthday. Known as "phishing" scams, these may be disguised to appear as legitimate emails from a company or person you know and trust. If you're not sure about the authenticity of one of these requests, get in touch with the person or organization in question via phone or in-person to confirm.
  • Don't open email attachments or links that appear suspicious. 
  • Tell friends and family members about these online habits to spread the word about safe browsing habits.

Online fraud may be hard to avoid and even harder to track, but by taking the most basic steps, it's easy to deter the majority of incidents.

Back to Blog