4. Identity theft resulting from public databases. Individuals, especially business owners, often publish lots of information about themselves in public databases. It is a sort of catch-22 because a small business owner wants to maximize exposure while still protecting individual privacy. Businesses are registered with the county clerk, telephone numbers are in the phone book, and many individuals have Facebook profiles with their address and date of birth. Many identity thieves can use publicly searchable information to construct a complete identity. SMBs need to think carefully about how and where to gain exposure for the business, and consider the consequences of sharing sensitive information publicly.
5. Identity theft resulting from using a personal name instead of filing a DBA. Along those same lines, sole proprietors who do not take the time to file a Doing Business As application are at a far higher risk of identity theft because their personal names, rather than their business names, are published publicly.
6. Bank fraud due to a gap in protection or monitoring. Business owners know that it is vital to balance their accounts every month to ensure that checks are not being written out of business funds by embezzlers, but many businesses rarely, if ever, check what kind of credit accounts have been opened under the business name. Monitoring services like myID.com can alert business owners when new credit accounts are opened fraudulently.
7. Poor emailing standards. Many businesses use email as if it is a secure means of communicating sensitive or confidential information. The reality is pretty much the exact opposite. Emails are available to a number of people other than the recipient, and there is generally ample opportunity for email communications to be intercepted in transit. It's more appropriate to treat emails as postcards, rather than sealed letters.
8. Failing to choose a secure password. Use secure passwords. Please. In fact, many security experts are recommending the use of a pass phrase, rather than a password. Pass phrases are several words long, at least three, and are far more secure than passwords. A pass phrase like "friday blue jeans" can be typed far more quickly than a complicated password, and it doesn't need to be written down on a scrap of paper stuck to a monitor to be remembered.
9. Not securing new computers or hard drives. Businesses that do not have a dedicated IT department or information security administrator should seriously consider using outside consultants to secure and lock down PCs and hardware. If the security controls available within an OS like Windows 7 are enabled and properly configured, most data breaches can be thwarted.
10. Social engineering. Social engineers are individuals who call and claim they are from another organization. Attackers also use social networks like Facebook and LinkedIn, attempting to exploit the social framework to gain access to sensitive information. The attacker may even claim to be with a firm that a business owner does business with. If someone you do not know calls on the phone, or contacts you by email or through a social network, be sure that it is the person you think it is before revealing passwords or confidential information. Better yet, have a policy in place dictating who is allowed to reveal such information and under what circumstances.
If you take a look at these ten scenarios within your business, and follow the guidance provided, you can prevent the vast majority of data and privacy breach incidents.