Small Business Owners Can’t Afford to be lax on Security

It appears that consumers are certainly becoming more proactive about protecting themselves from identity theft. But small business owners don’t seem to share their concern.

According to a recent survey, small business owners are victims of fraud at a rate of 15 percent more than the general population. In 2010, small business owners lost about $8 billion to fraud. Entrepreneurs are most susceptible to credit card fraud, at a rate 50 percent higher than the average consumer.

Small businesses are attractive to identity thieves because they are small and don’t’ tend to have formal controls in place. Spear phishing seems to work well with small businesses, experts say, because criminals get a few pieces of information about the business, and then convince someone at the business to click on an e-mailed attachment and provide more information or subject the business to malware. Collected data can then be used for identity theft and fraud.

It’s often the norm for a small business to use one computer for banking, marketing and advertising, and operate in an informal environment. Common passwords and sensitive information are often common knowledge, and this opens the door for identity and data information to be stolen.

The amount of money that is actually stolen from small businesses isn’t that much greater than the average amount taken from consumers – but the cost of cleaning up the mess is 150 percent higher for businesses. This is because small businesses usually have to pay out of pocket for legal fees, and financial institutions don’t provide them with zero liability options for their businesses.

So what can a small business owner do? Put antivirus and spyware software in place on all computers. You can also set up alerts with your bank so that you are notified for different account activities, such as a check clearing or money being withdrawn.

If your business uses wireless Internet, security protection is a must. All networks should have a password in place, and guests shouldn’t be allowed access. Consider using a separate e-mail account for people you trust, and a different one for business inquiries.

And even though you trust your employees, you should limit the amount of information you share with them.