Mark Pribish

Identity theft risks for small businesses include social media

By Mark Pribish
Vice President and ID Theft Practice Leader

While social media has created new opportunities for small businesses, social media has also created new risks including identity theft and data breach.

Think about it, social media sites ask registered users to provide as much personal information as possible. Some of the largest social media sites such as Facebook, Twitter and LinkedIn have already experienced data breach events. And now online perpetrators are using social media to create more opportunities than ever to steal identities and commit fraud.

Some of the positive opportunities created by social media include the ability to increase business and consumer connections along with increasing your brand through social networking sites such as LinkedIn, Facebook, Twitter, and YouTube.

Social Media

Some of the negative risks created by social media include the creation of permanent records and reputational damage to your brand in the event of a data breach event.

Small businesses need to identify the social media risks that can negatively impact their business such as:

  • The use social media to make false or misleading claims
  • The use of social media to commit copyright or trademark infringement
  • The use of social media to use intellectual property without permission
  • The use social media to steal trade secrets or worse, the posting of trade secrets and confidential information
  • The use of social media to steal employee or customer information resulting in a data breach event

Based on the above, I recommend four risk management tips that can help protect and minimize your small business from social media risks:

Create a crisis management plan detailing employee and employer protocol in the event of a data breach, injured employee, customer complaints, or compliance issues. This crisis plan should clearly state what is accepted and not accepted in using social media to share information on these or other negative events that can place the company in jeopardy.

Understand that social media creates a permanent record and that your small business and/or your employees use of social media can be used to discredit your business or to serve as a source for material discovery in a court case or litigation. That said, every small business should implement an information policy including a Records Management Plan (RMP) to be consistent for all communication and correspondence including social media.

Create a social media policy that provides a detailed explanation and clarification for all employees and vendors on what company information and/or issues can be discussed within and outside the business. This policy should include basic tenants and the negative impact on both the company and employee if this policy is ignored – either accidentally or on purpose.

Employee education and training where your employees should receive annual training specific to the management and safeguarding of employee and customer information.

To conclude, small businesses should take advantage of the low cost value proposition of social media including employee education, customer contact and marketing strategies. However, small businesses need to create a social media policy and plan that responds to employee malfeasance along with ID Theft and data breach events.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scammers Hide Malware in Free Pizza Email

Yum! A national restaurant chain offers free pizzas to all customers, no strings attached. It sounds too good to be true, because it is! Watch out for this new email scam that comes with malware attached.

How the Scam Works:

You receive an email that appears to be from Pizza Hut. The message claims the pizza chain is celebrating its 55th anniversary by offering customers a free pizza.

All you need to do is download the attached coupon and bring it into the restaurant. But don't do it! It's not a coupon, it's actually malware.

Once downloaded, malware can hunt for banking and/or personal information on your computer, putting you at risk for ID theft.

Emails posing as business giveaways are a popular way to transmit malware or phish for banking/personal information. Be careful of any unsolicited email that promises free gift cards or other too-good-to-be-true perks.

How to Spot a Phishing Scam:

Watch out for these signs that your email is likely a fake:

  • Hover over links to check their source. Place your mouse over hyper-linked text and the true destination will appear.
  • Don't believe what you see. Scammers can easily copy a real business' colors, logo and even email address.
  • Be wary of unexpected emails that contain links or attachments. As always, do not click on links or open the files in unfamiliar emails.
  • Check the offer with a quick web search. If a business is really offering a promotional giveaway, they should be advertising it on their website and elsewhere. A quick search on Google reveals that this offer isn't real.
  • Watch for poor grammar and spelling. Scam emails often are riddled with typos.
  • Ignore calls for immediate action. Scam emails try to get you to act before you think by creating a sense of urgency. Don't fall for it.

For More Information

Check out the full alert on the Federal Trade Commission's website. To find out more about other scams , check out BBB Scam Stopper.

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

If you believe your identity has been stolen, call 866.SMART68 today.