A new program from Identity Guard can help businesses prevent a breach or digital intrusion and the loss of personally identifiable information (PII) before it occurs.

It may seem as though large companies are the subject of most identity theft-related cyber attacks, but thousands of small businesses get breached, too. According to the Online Trust Alliance, an organization that aims to enhance online trust by promoting security-related business practices, more than 4 billion data records were stolen in 2016. The number is likely much higher. There were about 82,000 reported cyber incidences last year, but many more go unreported, especially among smaller companies.

While hacks are bad for any operation, data or financial theft can significantly harm a small business, says Jerry Thompson, senior vice-president of marketing and business development at Identity Guard, a company that offers individuals and companies comprehensive identity theft protection and credit monitoring services. Yet, many small business owners don't give much thought to how to protect their business from a data breach, which can involve a loss of customer or employee PII and ultimately lead to identity theft. They don't think it will happen to them, or they feel they don't have the resources to protect themselves.

While preventing a targeted hack is difficult, there are several things a small business owner can do. The key is preparedness, says Thompson. The companies that acknowledge that a breach or data loss can happen, and take steps to pro-actively defend themselves - before an attack occurs - are the ones least likely to be affected by a cyber breach. "That's the prime thing a small business can do," he says. "Get prepared for an intrusion, and then respond quickly and fix it if something occurs."

Of course, that's easier said than done for most companies, which is why Identity Guard launched its new Breach Readiness Program in April. It's a three-in-one product that explains, step-by-step, how an owner can protect their company. The first step is fixing vulnerabilities found in the company's computer system. The program uses cyber security company Delta Risk, a leading edge cyber security company, to run a forensic scan on the business's network to see if there are apparent vulnerabilities that could be fixed to shore up a network's defenses. It then recommends how to fix those problem areas. "It's a low-intrusive benefit with a big reward," says Thompson. "Most people don't have a cyber security expert on staff."

Next, Identity Guard provides a detailed playbook on how to prepare internally for an attack. It includes information on:

  • developing a crisis management team
  • a business's legal and regulatory responsibilities
  • how a company can develop a breach readiness strategy
  • best practices on how to create a breach response communications plan, and
  • much more.

"It's a comprehensive playbook," says Thompson.

The last step is helping a company work through a hack. Within 24 hours of an attack, Identity Guard will come up with a response plan and help people within the business notify customers, credit card companies, and others who might be affected. It also provides several thousand identification monitoring codes that a company can distribute to any affected individuals. Those codes allow Identity Guard to scour the darkest corners of the Web to ensure that customers, staff, and company data isn't being used nefariously or displayed online.

Essentially, this program puts small businesses on the same footing as larger ones. Nearly every big business has a breach-related plan, while smaller companies have been taking a more ad-hoc approach to what to do in the event of a hack or a significant data intrusion. Now, everyone can be prepared regardless of company or bank account size. "Now protection can be a mainstream check box that has to be covered as you are preparing for your business year," says Thompson. "It's obvious that it needs to happen, and now it can."