Top Threats & Responses for Small Businesses

IDWise Logo

If you thought your business was too small to have to worry about identity theft, think again.

Fraud is on the rise, and small businesses and their owners are prime targets. A 2012 study by Javelin Strategy and Research found that small business owners are almost twice as likely to be victims: 8.8 percent of business owners compared to 4.7 percent of non-business owners. And while small businesses may have fewer assets than a multinational corporation, they also have fewer resources, opening them up as relatively easy targets.

Hijacking and data breaches.

In some cases, criminals obtain a business' tax ID number and acquire credit under the business name. In others, thieves hack into or steal the personally identifiable information (PII)—including Social Security numbers, full names and birthdates, bank account numbers, and other identity assets—that businesses collect as part of their daily operations.

Awareness, well-crafted policies, and vigilance can all help businesses avoid or mitigate the woes of corporate identity theft or data breaches. The Center for Identity's ongoing research has identified a wealth of resources to make sure your company's systems, employees, and customers are protected. Subscribe to our e-newsletter to stay abreast of emerging threats and changing best practices.

Top identity threats to small businesses.

Technology and information sharing are central parts of both small business operations and our everyday lives. It's imperative that small businesses understand the many forms identity theft can take, so that they can protect their data, their customers, their reputation, and their bottom line.

When it comes to identity and data security, what are the greatest risks faced by small businesses and their owners?

Crime At The Cash Register

The magnetic strip used in credit cards for almost half a century is easy for criminals to exploit. They can now skim or replicate credit card and bank account numbers using malware or physical skimming devices, all without the business' knowledge.

Regularly check any credit card terminals or ATM kiosks at your business for electronic devices that shouldn't be there. In addition, check security footage for suspicious activity, such as an employee taking a customer's card away from the register to run a transaction.

Human Error

Human error—from misplacing a laptop with unsecured PII to falling for a phishing scam—is a leading cause of data breaches.

Train employees to protect sensitive information, including locking up records and keeping passwords strong. Businesses should also set up clear usage standards for mobile devices and public Wi-Fi. For more information, see our article Training Employees to Protect Data.

Insider Attacks

Not all inside breaches are innocent mistakes: some employees engineer them for financial gain or as revenge for the loss of a job.

In these cases, the best defense may be preparedness. Companies should have a clear protocol for which employee is managing the breach and what actions he or she should take. For more details on inside jobs, see our article Monitoring the Internal Threat. To learn more about crafting a response plan, check out our learning module about the Red Flags Rule.


According to a 2009 Verizon study, about 75 percent of breaches came from outside sources. Online extortion—an attack or threat with a demand for payment in exchange for preventing or stopping it—is on the rise. So is "hacktivism," or the act of breaking into a computer system with political or social motivations.

To combat attacks like these, ensure that systems have appropriate firewall and antivirus technology and update security software patches in a timely fashion.

IDWise Logo
What is IDWise?

Funded by a partnership with the Texas Legislature, and powered by the Center for Identity, IDWise is a resource center for the public on identity theft, fraud, and privacy. IDWise offers clear and accessible resources to empower citizens—both online and offline—to be better informed and make smarter choices to protect their personal information.

IDWise Logo

Funded by a partnership with the Texas Legislature, and powered by the Center for Identity, IDWise is a resource center for the public on identity theft, fraud, and privacy.

Learn More