For the past few years, major organizations have dropped the ball on cybersecurity again and again. Retailers, insurance providers, educational institutions and even the U.S. government have all exposed inordinate amounts of their customers' personal, financial and sometimes even medical information.
This sensitive data is often used to commit identity theft and fraud - a correlation so strong that two-thirds of identity fraud victims in 2014 had previously received a data breach notification.
It may feel like every Fortune 500 company will inevitably be breached, which could lead consumers to believe they can just sit back and wait. But that's simply not the case. And this "data breach fatigue" is a rather dangerous mindset to sink into.
Signs of identity theft can hide in the smallest of spaces: deep within your credit file, in archived taxes and even in your medical records. Without quick action following a breach, you may miss major red flags and end up paying the consequences only after the problem has exponentially grown.
Let's erase this cloudy viewpoint by shifting our focus on when and where a breach will really hurt by taking a look at the little guys - data breaches in small businesses.
Small businesses, particularly small medical practices, are major targets for cybercriminals. These organizations hold a plethora of sensitive data, while typically possessing only the bare minimum in terms security.
On average, it takes more than 200 days for an organization to detect that it has been hacked.
Small-scale data breaches are also rather lackluster in comparison to their brand-name counterparts. Large breaches garner widespread media attention, which drives swift action amongst all parties - the impacted organization, financial institutions and consumers. With time and public awareness against them, hackers know stolen data will soon be too hot to profit from and will only use a small percentage of it as quickly as possible.
This attention-grabbing factor is completely obsolete in terms of a small-scale data breach, giving the hackers time to sort out how to most effectively maximize their profits.
So how often do these small-scale breaches occur? Just take a look at Fighting Identity Crime's monthly breach summaries and you'll see a distinct pattern - small medical practices and businesses flood the list, each with a considerable amount of exposed data associated with their attack.
Many of these exposed customers may still be unaware of their vulnerability to identity theft and fraud. Meanwhile, others probably know their data was leaked but still don't fully understand the risks associated with a small-scale data breach.
On average, the total cost of a data breach is now $3.8 million, up from $3.5 million in 2014. While a consumers' financial institution will immediately bear this cost, it will likely impact the consumer later through indirect fees and a reduction of product offerings.
So what should you do to prevent being victimized by a small-scale data breach?
-
Pay Cash When Possible
Consider paying with cash at smaller organizations to avoid exposing your financial data if their point-of-sale system is hacked. -
Exercise Caution at Your Doctor's Office
Ask office employees how your information is stored. Consider seeking medical attention elsewhere if you don't feel their security standards are up to par. - React Quickly to a Breach Notification, No Matter the Size:
- Check your credit report
- Examine your bank statement
- Consider placing a credit freeze
- Enroll in identity theft protection services, if offered