As evidenced by the security breach at credit-reporting agency Equifax last year, which exposed the data of some 143 million Americans, the need for financial service providers to employ cutting edge information security solutions is paramount. Even the largest and presumably most well-protected entities have found their client data for sale on the Dark Web, causing a backlash of bad press, potential litigation and burdensome cleanup costs.
While conducting due diligence for a loan, lease or other business transactions, banks, and other specialty lenders must handle a range of sensitive and potentially valuable information. Each day, millions of pages of documentation are sent through cyberspace in the form of e-documents, attached files and plain old email correspondence. Yet, many if not most people are largely unaware of the many dangers lurking in cyberspace. New threats emerge daily; and nefarious actors are aggressively pursuing new avenues to unlocking data that doesn’t belong to them.
Unfortunately, essential paperwork often contains information that could cripple a client’s business or personal life if it falls into the wrong hands. When asked to identify high-risk data, most people are aware that information contained in medical records and bank statements, and unique identifiers such as credit card and social security numbers are in high demand by fraudsters. However, so-called “Personally Identifiable Information,” or PII, also covers a number of seemingly innocuous variables.
This covers identifiers such as name, address, social security number, telephone number, or email addresses, among others. While not every individual data point carries the same level of risk, when used in conjunction with more sensitive information even something as simple as a client’s date of birth can hold value for cybercriminals.
Additionally, he vast majority of American businesses think too little about the cyber risk environment. According to one survey conducted in 2017, only 2 percent of small businesses viewed data security as their top priority, despite the fact that nearly half of all cyberattacks target the small business sector.
Companies like Yahoo, Equifax, eBay, Target, Uber, JP Morgan Chase, Home Depot and Adobe all experienced being “hacked” by criminal intruders in the recent past.
What about the breaches that do not hit the news? We find that many small-business owners take the attitude of “Why would anybody care about me? I am just the little guy.” But hackers are starting to prefer small businesses for that exact reason. We are finding more and more cases where our clients and business customers have been compromised. Sometimes for sizable theft of hard earned money. In some cases, insurance has helped recover some of the loss, but other times, insurance showed that the company was liable because they did not have any real protection or policies in place.
Today, mishandling client data can have serious consequences even in cases where no actual fraud is committed or financial loss demonstrated. The mere acknowledgment of a breach carries fiduciary and possibly regulatory penalties for the responsible company. That does not account for the damage a serious data breach can inflict on a business’s reputation and credibility in the market.
Some simple tactics for protecting data include automating networks to require regular password changes to limit the window of risk and avoiding the use of public WIFI networks that are open to multiple unknown users and/or administrators without a VPN or proxy type of service. Many businesses are also employing two-factor authentication which requires both a password and a randomly generated key code for network access. Housing documents securely on servers that are safely behind a firewall is also critical to protecting client documentation during the due diligence stage.
It is of major importance for small businesses to consult with cybersecurity experts and utilize IT services that ensure the security of their networks. It can easily mean the difference of success or failure of your business. Ask your IT provider if they are taking steps to insure your cybersecurity or have a consult survey done to ensure that you are covered.