While big data breaches, such as the one that affected millions of customers at Target stores late last year, grab the big headlines, there are multiple threats to confidential data held by small businesses.
We are definitely seeing an uptake on attacks to people at home and at small businesses, said Brad Spiegel, owner of Quality Computer Systems Inc. in Macon. Big businesses are going to have bigger, badder routers, and bigger, badder equipment that is going to protect them. So the criminals are going to go after the low-hanging fruit. They are going to go after the ones that are easier.
Many small firms know little or nothing about cybersecurity, according to the National Small Business Association, despite the prevalence of data thefts nationwide.
According to a survey last year by the association, 44 percent of respondents had been victims of at least one cyberattack, with an average $8,700 cost for each breach.
Small merchants tend to be attractive targets for computer criminals, according to CEO Jason Oxman with the Electronic Transactions Association.
Small-business owners often leave themselves vulnerable to breaches by browsing social media or messaging friends on the same computer used to process financial information, Oxman said. Some small businesses owners dont use anti-virus software because it seems costly or bothersome, and they may not realize there is a breach until a payment card company notifies them of suspicious transactions.
A small business may not be able to handle the drop in business that might result in a breach, Oxman said.
Spiegel, with Quality Computers, which offers data security services in addition to selling computers, said the first thing he tells business owners is that if they accept credit cards, they should understand and comply with the Payment Card Industry Data Security Standard, which is a checklist of protocols known as PCI.
Even if they dont take credit cards, such as a (certified public accountant), make sure you always have an anti-virus software ... and make sure it is a current operating system, Spiegel said. There can be some issues where you are liable because you are not doing the minimum required to be able to protect your clients information.
Its also important to change passwords regularly, but its probably more important to have difficult passwords that dont have to be changed very often instead of easy passwords that are changed monthly, Spiegel said.
Some retailers dont worry, others use top security
Stephen Bashinski, owner of Bashinski Fine Gems & Jewelry in Macon, is not worried about anyone hacking into his customer information.
Our customers privacy is paramount, Bashinski said. If we get a Social Security number, it does not go into the computer. It goes on a paper document, only because of that reason. ... I would not want my Social Security number or any pertinent information that would allow someone to steal my identity in a computer. I dont believe that computers are completely safe, which they are not.
Storage of all paper copies is closely guarded at Bashinskis.
Only one person has them, he said. Even the staff cant get to it.
Bashinski said he uses an Internet guy to set up security on his computer that he uses for the stores social media such as Facebook and Twitter.
Its less expensive, less time consuming and good business to prevent (any security issue) than to have to deal with all the customers later, he said.
Anything that is a security risk never goes into a computer at the jewelry store, he said.
The only thing somebody would be able to steal as far as customer information -- if they could -- is get their address and phone number. Anything past that, we are not going to put out there. Is it an extra effort on our part? Yes, it is. But its better to make a little more effort and not have problems.
According to a 2011 study by Symantec -- an American technology company that makes security, storage and backup software and offers support services -- 18 percent of all cyber-attacks targeted small businesses. A year later, that number had increased to 36 percent.
Data breaches at Bibb County businesses apparently have not been a big problem, according to financial crime investigators.
We have not had any crimes such as security breaches ... that have been reported, said Lt. Sean DeFoe, public information officer for the Bibb County Sheriffs Office.
Dry Falls Outfitters and B. Turners, both at Macon Mall, may have been more vulnerable when the businesses were smaller, but as the percentage of transactions done by credit or debit cards increased, Bud Turner, president of both retailers, said he was able to tap into some of the big players in the industry and have a lot of security in place. So, for us it hasnt been an issue as a company.
Turner said the business is careful with how it treats customers information.
Once a transaction takes place, my employees at the store level dont have access to the information after its gone to the processor. We dont keep physical copies or anything. Its a direct transmission to the processor.
But Turner is keenly aware of the possibly of a data breach in a personal way.
My personal credit card -- (thieves) have gotten it three times in the past four months. Obviously, they have some kind of portal either into my personal computer or something. Its beyond just annoying.
His bank has alerted him each time and so Turner has not been financially affected. But he had to close the card accounts and get the bank to open a new one each time.
So Ive been victimized personally, but I have had no issue with the store, he said. So we feel pretty safe with what we are doing now. ... But if they can hit Target, they can hit me, I suppose.
Turner said he understands some security companies are working on a foolproof credit card with embedded chips that will be less vulnerable.
I think you will see that technology catches up with the thieves, but well have to pay for it, he said.
Turner said he is surprised by some customers who balk at showing additional identity when paying by credit card.
Seven out of 10 thank us, but there are a small percentage of customers who get really mad, he said. So if a retailer asked for your ID, you should thank them because they are just trying to protect your identity.
Information from the Los Angeles Times was used in this story. To contact writer Linda S. Morris, call 744-4223.