Identity theft may be something consumers are proactive about—but its small business owners that should be concerned. According to a recent survey, small business owners are victims of fraud at a rate of 15% more than the general population.
Javelin Strategy & Research’s 2011 Small Business Owners Identity Fraud Report found that in 2010, small businesses lost about $8 billion to fraud. Entrepreneurs are most susceptible to existing card fraud, at a 50% higher rate than the average consumer.
The survey was conducted via phone with 5,004 respondents.
Phil Blank, research analyst at Javelin Strategy & Research, said small businesses are low-hanging fruit to hackers and fraudsters, because they often lack the type of protection and knowledge of these crimes.
“They are very attractive targets because they are small and tend not to have formal controls in place,” Blank said. “They are very susceptible to a spear fishing attack, where someone might get two or three pieces of information from them, and then convince them to click on an attachment or something similar.“
Data can then be accessed by hackers and used for identity theft and fraud.
Small businesses often use one computer for banking, marketing and advertising, and operate in less formal environments than their corporate counterparts. Common passwords and sensitive information are often known by many throughout the small staff, and this opens the flood gates for identity and data information being taken, the study said.
The study also found that on average the amount of money that is actually stolen from small business owners is only 5% higher than it is for consumers, at $4,851. However, the cost that comes with cleaning up the mess is 150% higher than it is for consumers. Blank said this is because small business owners typically pay for their own legal fees out of pocket, because financial institutions do not provide them with zero-liability options for their business.
“You will not only be out that cash, but also the legal expenses,” Blank said.
Many things that work for consumers when protecting themselves from being targeted by fraudsters will work for small businesses, Blank said. One quick and easy thing that entrepreneurs can do is set up alerts with their bank so they are notified for different account activity such as a check clearing or money being taken out. If the action wasn’t authorized by the account holder, identity theft could be occurring.
“If you found out about it right away you can take action,” he said. Blank also recommends having robust and comprehensive antivirus software in place for computers, which is a step consumers and entrepreneurs often overlook.
Samara Lynn, lead analyst of Business and Networking at PC Magazine, said small business owners should invest in low-cost software that will encrypt their data, which makes it near impossible for hackers to break into. One option is Symantec Encryption software, Lynn said.
“Small businesses don’t have the resources of big enterprises, but there is low-cost software that’s relatively easy to deploy,” Lynn said. “That way if anyone gets that data, it’s so much harder to hack.”
Wireless security protection is also a must, she said. All networks should have a password in place, and guests shouldn’t be allowed access to the network. Lynn also recommends using a separate e-mail account for people you trust, and another e-mail for business inquiries.
“Even if you have a small business and network, these are the kinds of things you want to invest in,” Lynn said. “And having a good firewall in place is a must.”
Lastly, Blank says just use common sense. Although small business owners may feel like a tight-knit family with their employees, they are very susceptible to friendly fraud. Limiting information is definitely the way to go, when money is at stake.
“Friendly fraud tends to be a problem,” he said. “It’s hard but small business owners need to have that fundamental [instinct] to see if they should open it up for anyone to use.”