How Identity Theft Can Hurt Your Small Business
Identity theft is always a problem for individuals. But for entrepreneurs, especially those who do a lot of credit card processing for their customers, identity theft can harm your business in a number of ways that could end up sending your business into the toilet.
For one thing, getting hit with a data breach can lead to all kinds of problems. Assuming you have cyber insurance — and anyone who does credit card processing and/or ecommerce should have cyber insurance — when you discover a data breach, the insurance company will send a third-party provider who will notify all your customers via email and/or snail mail. They’ll also provide one year of free credit bureau monitoring. But if you don’t have cyber insurance, you’ll have to pay for all of that yourselves.
There’s also the cash flow issue: You’ll probably lose sales for several days after the breach as you lock down your servers, move to a new provider, create new passwords, inspect your records, work with the insurance company and their cleanup provider, and deal with all of the fallout.
There are also problems of crooks using stolen credit card numbers to make fraudulent purchases on your website. When that happens, any charges that are made to your organization will likely result in chargebacks against you as banks claw back any funds you received. If you’re lucky, they’ll only take back the cash. If you’re unlucky, or you fail to respond to the refund requests in a timely manner, you’ll be hit with additional fees and may even lose the ability to process credit cards.
(If nothing else, you can avoid a lot of this by requiring dCVV2 confirmation codes on your website.
You could also suffer your own financial headaches if the crooks use your own business data to secure a credit card or loan with your credentials. At the very least, you’ll have to squash all the cards and loans taken out in your name. At the worst, you could be on the hook for that money or it could affect your credit scores.
And all of this is on top of the staggering blow to your reputation as customers leave you for someone who’s more secure and less prone to data breaches.
How Can You Protect Yourself From Identify Theft?
There are a few ways you can protect yourself and your company from hackers and identity thieves that will protect your customers, your bottom line, and your reputation.
Train your people on proper security. This starts with passwords and making sure people are using secure passwords. That means not using a family member or pet’s name, or using obvious passwords like password, or the slightly more clever p@ssword1.
It also means teaching them not to open emails from people they don’t recognize. (The 2014 Target data breach was a result of a vendor opening a phishing email.) And it means having an email security system, as well as up-to-date and strong malware protection, that protect you from phishing attacks.
You should also use automated software and systems that will detect and prevent fraud that happens through identity theft as well as friendly fraud and malicious fraud.
Even if it’s a bit pricey, it’s going to be worth it when you consider what (possibly) recovering from identity theft would cost you instead. As Innovation & Tech Today said, “It is far better to splash out on suitable robust cybersecurity measures now, rather than having to manage the costs of fraud that is made possible by your complacency further down the line.”
Finally, make sure you’re working with a payment service provider (PSP) that can provide you with secure systems to protect you from thieves and hackers. You want to make sure all parts of your payment and financial chain are secure, and that includes the people processing your different payments.
Most cybersecurity experts say businesses shouldn’t think of “if” they’ll be hacked, but “when.” Hackers and thieves are getting more and more sophisticated, which is one reason you need cyber insurance. But it also means you should consider a cloud-based server system, rather than keeping everything in-house. And it definitely means you have to practice the steps we’ve discussed just so you can reduce the odds and potential damages of the “when” ever happening to you.
Photo credit: arthur_bowers (Pixabay, Creative Commons 0)