According to a recent survey from document-destruction company Shred-it, 96 percent of small businesses believe that keeping information is secure is important. However, 25 percent of the businesses surveyed said they have never done a security review or a security audit. Another 35 percent said they don’t have a protocol in place in case a security breach does happen. Mike Prusinski, Vice President of Corporate Communications at Lifelock, says that’s the big problem with small businesses who do have a breach.
“Most don’t have a plan of what to do next,” he said . “Companies do the least they can do instead of the most they can do.”
Lifelock is an identity theft protection company that offers services to small businesses. Identity theft has been the number one consumer complaint received by the Federal Trade Commission for the past nine years in a row, costing businesses billions of dollars in lost time, wasted resources, and legal fees.
“Criminals don’t want to work hard,” Prusinski said. “My advice for small businesses is to be proactive. Don’t wait.”
Prusinski has been with Lifelock for six years, and in that time he said he’s seen too many businesses scramble and not have a plan in place to protect against the identity theft of their customers and their employees. He also said that in this scrambling, businesses tend to do the same thing to fix the issue.
“They send a letter in the mail apologizing for what happened and saying they don’t believe anyone has used the data,” he said. “To compromise, one year’s service of credit report monitoring is offered for free. But, this method doesn’t tell the customer how the company will prevent this from happening again.”
To boot, when a security breach happens, especially to large companies like Citibank and Sony, it’ll make the news. Prusinski said that the attackers may see this news, see that free credit report monitoring service is being offered, and choose to sit on the data for one year until the situation has died down. Prusinski also said that companies are not required to announce a security breach unless over 1000 people are compromised.
Even if there isn’t any local or national coverage of the security breach, that doesn’t mean there aren’t any consequences if one happens. Several cases of identity theft have forced Fay Motor Co. to close. Fay Motor Co. had been in business for 13 years, and the owner, Kip Fay, started closing down the business in April when he found out six of the business checks were stolen. Business card information was stolen as well as Fay’s personal banking information. Fay says he closed the business down not only to protect himself but his customers.
“We take customer’s information including security numbers and stuff like that. I didn’t feel comfortable being able to do that because we may compromise their information also,” said Fay.
Prusinski says to look at the potential costs: public relations, legalities, security, credit card numbers etc. In the case of Fay Motor Co., it was better to shut down than to deal with the problem.
“Consumers are the ones that pay the price,” he said. “Businesses just don’t understand how bad it can get.”