Mark Pribish

SMBs Continue to be Data Breach Targets for Hackers and the Insider Threat

By Mark Pribish
Vice President and ID Theft Practice Leader

According to Chubb, one of the leading property and casualty insurance companies in the world, "the reputational costs of cyber attacks can ruin small and medium firms." The statement comes from a new report titled Cyber Attack Inevitability: The Threat Small and Midsize Businesses Cannot Ignore.

Unfortunately, most small businesses continue to believe they are not targets for cyber and identity theft criminals based on their size, industry group, and/or small databases of personally identifiable information (PII).

However, the reality of identity theft and data breaches is that small businesses are high-risk targets for both cyber and identity theft criminals, along with the insider threat (current and former employees, contractors, and vendors), social engineering, and phishing.


The Chubb report stated that "the average price tag for a business to recover after a cyber attack is $400,000, which can be fatal for small-and-medium-sized enterprises (SMEs)."

One of the reasons hackers and identity theft criminals are shifting their attention to smaller targets is that small businesses tend to lack information security and governance best practices compared to larger businesses.

But it gets worse. According to the 2018 Ponemon Institute Cost of a Data Breach Study, the average amount of time required to identify a data breach is 197 days, and the average amount of time needed to contain a data breach once it is identified is 69 days.

When small to medium-sized businesses struggle to identify a data breach event and then struggle even more to report and respond to a breach, the total cost of the breach increases because of direct costs, indirect costs and lost opportunity costs.

So how can small businesses protect their organization?

The Chubb report concluded that "the majority of cyber incidents are preventable, as they mostly stem from human error or a simple lack of proper training [and Chubb] recommended [small businesses] take the following preventative measures:

  1. Create a cyber-attack response plan and invest in the resources to ensure the plan can be executed.
  2. Use a secure password manager to make it easier for employees to manage their credentials in a secure manner.
  3. Educate employees about the risks of cyber-crime and deploy software that can reduce social engineering attacks such as phishing.
  4. Install good antivirus software and ensure it is always up-to-date.
  5. Update operating systems and applications regularly to ensure they are supported by the manufacturer.
  6. Protect networking activity with a secure router on your internal network and a virtual private network (VPN) externally.
  7. Purchase a comprehensive cyber insurance policy. 'In addition to the built-in loss mitigation services to reduce the risk of being targeted in the first place, a cyber policy will likely include incident response services if an attack succeeds,' said the report."

Small businesses need to recognize that hackers, identity theft criminals and the insider threat are current and future risks.

Small businesses also need to accept responsibility in protecting their customer and employee information by increasing employee education, investing in new technology, and creating a formal data breach response and recovery plan.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Alert: How Scammers Use Political Issues to get Your Attention

By Better Business Bureau. April 2, 2019.

You've likely received a robocall before. A recorded voice offers you an unbeatable deal or claims to be someone they are not. In a new twist, scammers are using hotly debated political issues to grab your attention. These con artists take advantage of buzzy, emotionally-charged news stories to trick unsuspecting consumers into falling for a scam.

How the Scam Works

You receive a robocall and answer the phone. A recorded voice — perhaps even one that sounds just like President Trump, Speaker Nancy Pelosi, or another prominent politician — explains the purpose of the call. According to one local news story, the border wall is currently a popular topic for these calls. As the 2020 election campaign heats up, other topics will undoubtedly be used as "bait" to grab your interest.

If you offer to donate, your money won't go to support the political cause. Instead, the phony caller will make off with your money... and your personal information that can be used for identity theft.

How to Avoid Robocall Scams

  • Screen your calls. If a call comes in from a number you don't recognize, don't answer. Even if the number looks familiar, be wary. Check the number on com (a BBB Accredited Business) to see if it's been flagged with a fraud alert.
  • Don't respond to unsolicited calls. If you receive an unsolicited call that seems to come from a legitimate business, be cautious. Scammers can fake caller ID, and businesses are only allowed to call you if you give them permission. If someone is calling you out of the blue, it's most likely a scam. Best practice is to hang up the phone without interacting with the caller. Don't "press 1 to be removed from our list;" that just confirms to the scammer that your number is good.
  • Register with the Do Not Call Registry. This step won't prevent scammers from calling you, but it will reduce the number of legitimate marketing calls you receive, which will make it easier to identify the fraudulent ones. If you live in the US, call 888-382-1222 or register online at gov. If you live in Canada, visit the National Do Not Call List here.

For More Information

To learn more about how to avoid robocall scams, read BBB.org/RoboCall.
If you've been the victim of a robocall scam, report it at BBB.org/ScamTracker. By doing so, you can help others protect themselves from falling prey to similar scams. Learn more about scams at BBB.org/ScamTips and learn how to avoid them at BBB.org/AvoidScams.

To learn more about other kinds of scams, go to BBB.org/ScamTips.

If you've been targeted by this scam, help others avoid the same problem by reporting your experience at FTC.gov/Complaint and BBB.org/ScamTracker.

If you believe your identity has been stolen, call 866.SMART68 today!