Document Shredding Isn’t Enough: Sneaky Ways Hackers Get Your Business’ Information

According to the 2017 Report on Consumer Fraud, 2.68 million consumers submitted fraud reports with identity theft being the second largest category of complaints.

Small businesses are just as susceptible to identity theft as individuals. For example, a Kansas car dealership lost $63,000 when a hacker sent fraudulent payroll transfers to 9 fictitious employees. Other businesses have lost thousands and even millions of dollars due to fraudulent transactions, malware, and ransomware.

Cyber criminals work hard to piece together the information needed to steal a business’ identity. With the right bits of information, a criminal can steal company assets, client lists, open new credit accounts, and gain access to your customers’ credit cards.

Shredding keeps most information private

You might be surprised to learn most of the information criminals want can be found in your recycle bin. Thieves know this, and routinely steal recycling bins and trash cans. They’re not only looking for bank account numbers and credit cards. Sometimes all they need is a name, tax ID number, or address.

Hopefully you own a paper shredder and use it frequently to shred all documents that contain private information. For example, bank statements, invoices, and general correspondence are all documents that should be shredded when they’re no longer needed. Shredding unnecessary documents also ensures you stay in alignment with privacy laws.

Adopting the motto “shred it all” is wise. However, don’t shred all documents immediately, ShredQuick explains. Keep tax documents for seven years, bank statements for four years, and employment applications for two years. You might need hard copies, so don’t be quick to get rid of everything right away. If you do shred everything, be sure to keep digital copies. Although, storing information digitally comes with a higher level of responsibility to keep it safe.

Although mainstream news only reports data breaches that affect large corporations, small businesses are the number one victim of data breaches. Usually, these data breaches occur because nobody thought to encrypt sensitive data. When customer data is collected, stored, and transmitted unencrypted, it’s vulnerable to hackers.

Data breaches fill in the blanks for criminals

Cyber criminals collect information from various sources until they have enough to do their intended damage. They acquire much of this information through data released from former data breaches. Unbeknownst to victims, after a data breach, private information is posted to online databases hackers use as reference tools.

If you send or receive unencrypted documents through email or a third-party file transfer service, your personal information is at risk. Every email must pass through a multitude of servers before reaching its destination. You can’t guarantee each server is secure, and you can’t guarantee data is deleted after it’s relayed to the next server. Encrypted data can be stolen, but can’t be read, so it’s safe.

When your sensitive documents are unencrypted and reside on servers outside of your control, you’re at the mercy of the presence (or absence) of other people’s security practices. A hacker might never get into your email account, but if they hack into any of the relay servers, your data is at risk.

Encryption is the only way to protect your data from outside eyes. It won’t, however, provide protection from internal threats.

Sometimes the threat is within your company

Unfortunately, employees are often the culprit when it comes to identity theft. Employees have access to company credit cards, bank statements, and other private information. If they want to take advantage of that information, they will.

Prevent account takeovers with two-factor authentication

Sometimes the way a hacker gains access to your information is through taking over one of your accounts. Once they gain access to your account, they change the contact information so they are in control. By using publicly posted information from past data breaches, they can recover lost passwords from other accounts and scour those accounts for the rest of the information they need.

Black out all personal information before filing paperwork

You might receive invoices from other businesses and contractors that display your tax ID or social security number. If so, black it out with a sharpie before filing it away. If anyone steals your papers, they won’t have access to your sensitive information.

While shredding documents is the best way to secure your private information in the physical world, be sure to encrypt your digital data, too. Find out if companies you do business with encrypt the documents you send them. If not, be cautious about the information you send via email. You never know where it will end up.

NO COMMENTS

LEAVE A REPLY