Data Security Insights

2017 was a big year for security breaches and cyber crimes, including identity theft. The cost of recovery can be staggering, reports Security Magazine, “and often leads to the shutdown of businesses.” “The average cost of recovery from small business data breaches is $36,000,” reports the magazine, “which can lead to a loss of up to $50,000. Plus, recovery can be near to impossible.” You may think you’re safe, but likely you’re not. To help, we share what several security experts have to say, along with steps you can take to make you and your business safer in 2018.

Tip: When creating passwords, substitute special characters and numbers for letters (like @ for letter ‘a’).

$36,000: the average cost of a data breach for a small business.


FTC attorney Katherine McCarron told AOA members last June that identity theft is one of the most widespread problems her division addresses. She explained that’s because the information has real cash value and can be used to apply for a line of credit, file a fraudulent tax return, and more. Security breaches go way beyond that, of course. And, according to Microsoft, most data breaches stem from: malware or hacking; credit or debit card fraud; bad employees or lost paper documents; lost mobile devices or inadvertent disclosure of information by someone in the organization. How high are the stakes? Literally life and death…of a business, that is. Security Magazine reported it is estimated that “60% of heavily hacked small businesses go out of business after six months.”



Here are several steps you can take to lessen your chances of data theft.

  • LIMIT RETENTION. Only collect personal info you absolutely need, suggests McCarron. And, only save it for as long as there is a legitimate need for it.
  • CREATE SECURE PASSWORDS. The FTC recommends: using pass phrases, not words; substituting special characters and numbers for letters (@ for letter a, etc.); and creating different passwords for different accounts to prevent what she calls “credential stuffing.”
  • EMPLOYEES. Do background checks on all potential new hires, including a criminal record check.
  • SHRED. Always shred all papers. They’re a top resource for credit card and identity thieves.
  • SECURE ‘EM. Make sure all company-issued laptops and phones are password-protected and kept in a safe spot when not in use. And, be certain your wireless network is password protected, and that all passwords you use are updated regularly.
  • CONNECTIONS. When it comes to receiving or transmitting sensitive data, Microsoft suggests that “your e-commerce and other virtual transactions be done over sites that use either SSL (Secure Sockets Layer) or TLS (Transport Layer Security).”



Here are some website addresses to access now as well as to save for an event you’ll hopefully never experience.

  • Access documents to create in advance of a theft, including what to consider, a template for how to ask a company to remove fraudulent charges, and more.
  • This website takes you through the process, soup to nuts, by “asking for specific details, and then how to use them to create an identity theft affidavit.”
  • Several websites here offer checklists, tips, and step-by-step guides to dealing with a breach.




Erinn Morgan