Think Data Security Isn’t a Small Business Problem? Think Again.
Better Business Bureau Launches National Initiative to Help Small Businesses Protect Customer and Employee Data
With headlines focusing on major data
security breaches, small business owners may feel a false sense of
protection against becoming a victim of data theft. Unfortunately,
more than one-half of the small businesses in the U.S. have experienced a
security incident in the last year, according to a 2005 survey by the Small
Business Technical Institute. Small businesses struggle with security
and privacy issues as much as, or more than, their larger counterparts, but
they often don’t have the same resources or internal expertise to help them
manage them.
The Council of Better Business Bureaus, in partnership with two nationally
recognized security and privacy experts and some of the nation’s leading
corporations, on Monday, March 27, will launch Security & Privacy – Made
Simpler™ to help small business owners protect their customers’ data from
would-be thieves.
Problem of Data Theft Among Small Businesses
o Small business owners are generally more focused on running their
businesses than on protecting their data, and are more likely to have
sloppy security practices.
o Despite that complacency, more than half of all small businesses (56%)
have experienced a security incident in the last year. And of those
consumer identity theft victims who know who stole their identity, 20% say
it was a service employee, like a waiter or cashier.
o Nearly 1/5 of small businesses do not use virus scanning for email, and
over 60% do not protect their wireless networks with encryption.
o Many small businesses have primarily thought of security as an online
problem, when there are also significant offline dangers.
A Step-By-Step Guide that Tells Small Business Owners How and Why to Protect Their Customers’ and Employees’ Information
A lot of attention has been paid to major, high-profile data breaches (ChoicePoint,
MasterCard, LexisNexis) and all the security fortresses that big companies
should build to protect themselves. But what about the local dry cleaner,
auto body shop, CPA, or beauty salon? In the media and the public
imagination, small businesses’ vulnerabilities have often been eclipsed by
larger companies’ data breaches.
A new guide
from the Better Business Bureau is designed to close that gap and help
small businesses look beyond their storefronts, by providing them with
an accessible, plain-English, step-by-step guide to protecting their
customers’ and employees’ information. The guide takes a back-to-basics
approach, reminding small business owners that shredding documents,
minimizing access to sensitive data, spot-checking employees’ backgrounds
and not responding to emails asking them to verify personal or financial
information are just as important as buying new security software.
This guide boils security and privacy down into 25 pages, with a “user’s
guide” up front. For example, the guide:
o Gives small businesses real-world scenarios that show how thieves often
steal their customers’ identities
o Gives simple tips to help businesses identify weak spots, like shredding
sensitive information, getting credit reports for job applicants as a
screening tool, locking up customer account and employee records, and not
transmitting personal information over e-mail
o Identifies low-tech ID theft methods like dumpster diving and employee
theft, as well as high-tech methods like phishing and hacking
o Gives common-sense advice, such as “if you don’t absolutely need a piece
of customer information, the best policy is, don’t collect it,” and “if you
possess customer data you no longer need, discard it – securely”
o Recommends that employees only be given access to the customer and
business information they need to do their job
o Outlines the steps a company should take in the event of a data breach
FAQ’s from Small Businesses on This Topic
Q: How can incorporating data security and privacy into my business
operations help my business grow?
A: Surveys show there is a direct relationship between customer trust and
business patronage.
Also, customers are more willing to give businesses information about
themselves, if they know the business will handle the information the right
way and keep it secure. That information may help you tailor your marketing
campaigns as well as your products and services so they are attractive to
your clientele.
Q: Does my small business have to comply with the same laws and regulations
that affect “big business”?
A: In most cases, yes. Businesses of all sizes – not just the big
corporations – are
held responsible for complying with federal and state customer data security
and privacy laws. If your small business does not comply with the laws that
you are required to follow, you can be faced with fines or lawsuits. For
more information on which laws may affect your business, see Chapter 1 of
Security and Privacy – Made Simpler.
Q: I already have a firewall installed on my business PC. Isn’t that
enough to protect the data on the computer?
A: Technology, such as a firewall, is just one piece of the security and
privacy equation. Effective policies, along with proper employee security
training and business-wide implementation, are additional areas of security
that require your attention. Security and Privacy – Made Simpler offers
information and tips on many kinds of high-tech and low-tech security
options available to small businesses.
Q: What are security and privacy policies and why do I need them?
A: Your security and privacy policy tells your customers how you will treat
their personal information – how you will collect it, use it, and keep it
secure. It should also give your customers the option to “opt-in” or
“opt-out” (“subscribe” or “unsubscribe”), so they can tell you whether they
wish to receive marketing communications from you and how they wish to
receive them (e-mail, US postal mail, etc.). Smart companies offer
meaningful privacy choices, and effectively carry them out. Those that
don’t risk losing their customers.
Q: Do identity thieves steal customer
information from small businesses?
A: Yes. In fact, small
businesses are an attractive target for ID thieves because they frequently
do not have the strong data security protections that big businesses have in
place. This is all the more reason to develop a strong data security and
privacy plan. See Chapter 3 of Security and Privacy – Made Simpler
for more information on how to develop a security and privacy plan, and
Chapter 6 for specific information on how to fight ID theft as a small
business owner.
Q: What role do employees play in customer data security and privacy?
A: Employees who
handle customers’ personal information should also play a significant role
in protecting that information. Each of your employees should have access
only to the sensitive information necessary to do their specific jobs. When
you control employees’ access to information, you significantly reduce the
risk of data exposure. Your employees need training on how to protect the
privacy, confidentiality and security of personal information. For tips on
employee security training, see Chapter 7 of Security and Privacy – Made
Simpler.
Q: Do I need to perform a background check on prospective or current employees?
A: A large
number of identity thefts originate in the workplace. Exercising care to
hire honest employees is one of the best ways to help secure your business
and reduce the risk of identity theft or fraud to you or your customers.
Conducting background spot-checks can assist you in learning and assessing
the character pattern of prospective employees (or of your current employees
– if you did not use a background spot-check before hiring them).
Q: I don’t store customer data electronically. Is data security an issue for
my small business?
A: ID thieves and other fraudsters operate using both high-tech and low-tech
methods, so data security applies to every business that collects and stores
customer information. Criminals are after credit card numbers, Social
Security numbers, driver’s license information and numbers, mailing
addresses, e-mail addresses, and telephone numbers. If this
information is kept on paper in your business, it must be kept securely in a
locked area.
Q: If customer
data is lost or stolen from my small business, who should I tell?
A: If a breach
occurs, alert appropriate law enforcement officials immediately so they can
investigate the incident. Talk to a lawyer to get advice on which law
enforcement authorities you should contact. This could include local police,
state authorities, or even the FBI. The major credit card companies also
advise that you immediately contact your credit card processor and your
acquiring bank. It is also recommended that you alert the three national
consumer reporting agencies and the bank or company that you hire to process
your payment cards.
Q: If customer data is lost or stolen from my small business, do I have to
tell my customers?
A: Twenty-three states have laws that require customer notification in the
event personal data is lost, stolen, or inadvertently disclosed, and these
laws may expand to a national level soon. Many states require you to notify
your customers of any data breach. Other states require notification
when harm to potential victims is likely.
Q: My small business does some business internationally. Am I required to
follow international data and security laws?
A: Over 50 nations
have personal data protection laws that regulate the handling of
consumer information by businesses. Most data protection laws apply to all
businesses that handle customer information, regardless of size. Even a
company with no physical presence in another country – but which engages in
international business-to-consumer e-commerce – is often required to comply
with these laws. See Chapter 14 of Security and Privacy – Made
Simpler for more information on global transactions.