How Small Businesses Can Create a Culture of Cyber Security

As part of National Cyber Security Awareness Month, federal organizations are focusing on plans small businesses–including debt collectors–can use to protect sensitive information and quickly respond if a data breach occurs.

This October, which is National Cyber Security Awareness Month, the National Small Business Adminstration has joined forces with the National Cyber Security Alliance, Federal Trade Commission, Department of Homeland Security and Council of Better Business Bureaus to raise awareness of threats to small businesses’ data security, tips for prevention of data breaches through developing security plans and resources to access should one occur. Representatives of each organization spoke during an online presentation, “Creating a Culture of Cyber Security at Work,” on Oct. 8.

Threats of cyber-attacks and data breaches are on the rise,  especially for small businesses. According to the National Small Business Administration 2013 Small Business Technology Survey, 44 percent of small businesses report they experienced a cyber-attack, and the average cost is about $9,000 per incident.

This trend can wreak havoc on businesses in the credit and collection industry.

According to the ACA International and Ernst and Young study of the Impact of Third Party Debt Collection on the National and State Economies, nearly 94 percent of third-party debt collection agencies have less than 100 employees and 98 percent have less than 250 employees.

Given the prominence of small businesses in the credit and collection industry and in ACA’s membership, it is especially important for agencies to increase their focus on protecting assets by developing a concrete data security plan involving all employees.

“All businesses today have cyber security challenges,” Michael Kaiser, executive director of the National Security Alliance, said during the presentation. “We all have things we need to do to make the Internet more secure.”

It starts with protecting information businesses have internally and how it is shared if it must be released to colleagues, clients or the public.

Through education, risk management and strategic planning, all businesses have a responsibility to promote a culture of cyber security, Kaiser said.

First, it can help small businesses to designate an employee to focus on security measures and be the point person if a security threat should occur, according to Jessica Lyon, an attorney in the Federal Trade Commission Division of Privacy and Identity Protection.

However, everyone in the company should be up to speed on the basics of security measures and most importantly ensure they are being careful with any data on customers or clients as well as their own personal information and how it is stored on computers or mobile devices.

If there are employees who don’t need to have access to certain information to do their work, it should be restricted, according to Lyon.

“Every employee with administrative [access] presents a data breach risk … you want to limit the potential that a hacker could access all sorts of pieces to your business,” Lyon said.

Remember to secure passwords and implement procedures to disable an employee’s email account or server access if there are too many log-in attempts, which can be a sign of a data breach. And, when security procedures are in place, make sure they are reviewed and updated on a regular basis.

“Security is not a one and done deal,” Lyon said.

The Council of Better Business Bureaus is a resource for information to improve cyber security. Chief Security Officer Bill Fanelli said during Wednesday’s presentation that the BBB is working on a framework that both large and small companies can implement.

For more information on security for small businesses in the credit and collection industry, read “Spotting Cyber Crime,” in the August issue of Collector magazine. Editor Anne Rosso May reports on how—by being aware of potential threats and taking preventative measures before disaster strikes—companies can make it as difficult as possible for hackers to steal their data.