How to Protect Your Business from Identity Theft: Prevention
Remember the old saying that an ounce of prevention is worth a pound of cure? Well it holds true for data breaches and identity theft. The data security education organization Online Trust Alliance reviewed 500 data breaches and estimated that 89 percent of them could have been prevented. If so many data breaches are preventable, why do they still occur?
There are a few reasons. Often people just make mistakes. Well-meaning employees might accidentally expose their company's data. Other times, businesses don't focus closely enough on data security, or they find data security practices to be
Employee mistakes and lax attitudes toward security both speak to a gap in understanding – if small businesses understood their data security better, they'd be able to prevent more identity theft.
What Many Businesses Don't Understand about Data Breaches: They're Expensive
If businesses don't take data security seriously, it's because they don't understand how costly even a small data breach can be. Data breaches and ID theft mean your business must spend tens of thousands of dollars to limit the damage and
shore up its network security. After a cyber attack, you'll face many direct and hidden expenses, including…
- Lost revenue.
- Damage to your business reputation.
- Credit monitoring for your customers.
- Costs to figure out how a breach occurred and repair your network.
The Ponemon Institute estimates that data breaches cost $195 per lost record, which means that a cyber attack
involving just 500 records could cost you almost $100,000. If your customers are victims of ID theft after their data is exposed, you can expect to pay even more.
What can you do to prevent a $100,000 data breach? Depending on the nature of your business and the technology you use, you'll need to take different measures to prevent data breaches and identity theft. We'll go over some of the common data
breach prevention techniques small businesses can use, but first we need to understand how to institute a company-wide data protection policy.
How Data Security Is Like Preventing Fires
It might be helpful to think about data breaches as if they were another kind of risk. Let's say you run a warehouse, and you're concerned with preventing fires. What would you do?
You might dispose of potentially flammable material, make sure the wiring in the building is up-to-date, clean your warehouse, throw out unnecessary material that could catch fire, and hire a fire safety expert to inspect your warehouse. A proper data
security approach works the same way.
To prevent data breaches, you'll want to…
- Get rid of old data you no longer need to do business.
- Update your software with any security patches available (these fix holes where hackers have gotten in in the past).
- Review your data collection policies to make sure you're only collecting data you need to do business.
- Work with an IT professional to review your network for potential security weaknesses.
It's also important to understand what makes data security different from other risks: identity theft prevention must start at the employee level. Because your employees implement the IT policies that will secure your data, you'll have to train
and educate each one. This is easier said than done.
Every time your employees log onto your network, there's a risk that they could expose your company's data. The passwords they choose, emails they open, and files they access determine the risks your company faces.
And if you don’t have any employees? Then data breach and identity theft prevention falls squarely on your shoulders. That’s one reason it’s a good idea to have a breach prevention and data protection plan in place: once you’ve
outlined the essentials, you don’t have to agonize over every move.
A comprehensive data breach prevention plan will…
- Outline what you expect from employees (and from yourself) and give everyone the tools necessary to be secure users.
- Have IT policies in place to limit data breaches and prevent identity theft.
- Establish a workplace culture of security diligence.