By Mark Pribish, Vice President and ID Theft Practice Leader, Merchants Information Solutions, Inc.
Most people believe ID Theft is only a problem for individual consumers.
However, the current environment of cybercrime, data breaches and the insider threat have put a target on the backs of small businesses – where small business identity theft and fraud has become a new and emerging risk management issue.
So let’s begin with what we know:
Now here is some information you may not know:
In 2012, a number of research reports and surveys highlighted how Small Business ID Theft and Fraud has become a new and challenging risk for small business owners including:
If you own a small business, the three main things you need to understand are:
Small Business ID Theft Risks such as the loss of business account information such as the Employer Identification Number (EIN) or business bank account information as well as employee or customer data (e.g. credit card number, checking account number, social security number, driver’s license number).
This sensitive information can be used to initiate unauthorized activities that appear to be in the name of the business and/or employee and customers. It is quite similar in concept to personal identity theft except that small businesses DO NOT receive the same consumer protections as individual consumers.
Regulatory and Data Security Laws including The FACT Act, the Red Flags Rule, the HIPAA HITECH data breach requirements and the 46 State Security Breach Notification Laws.
If your small business experiences a data breach, you will most likely have to respond to one or all of the above state and federal laws. Failure to comply is illegal, and can result in fines and penalties negatively affecting your business.
Enterprise Risk Management because no matter whether your company has one person or ten, your legal and financial liability – in the event of a data breach – could be the same as a Fortune 500 company.
It’s up to you to protect your business from the threat of identity theft. These are some basic risk management actions that you can take: