Consumers everywhere are at risk for identity theft, but even if they keep their own financial data secure, their information may be at risk elsewhere.
For example, data thieves have showed increasing sophistication and boldness when it comes to breaking in to computer networks to steal credit card numbers, Social Security information, and other data that can be used for identity theft and other crimes.
Along with costing consumers money, data breaches can be very costly to businesses that fail to take sufficient steps to guard their data. Depending on the circumstances, companies could find themselves on the hook for financial damages incurred by customers, and they may also find themselves paying for credit monitoring services as part of their response to a breach.
With that in mind, the Better Business Bureau offered some tips to business owners and others on how to protect themselves and their customers from data thieves.
"Even when a company takes all necessary precautions, a data breach can occur as the result of a malicious attack or employee error. The key to limiting the damage - and retaining customer trust - is to develop an action plan in case a data breach does strike your business," said Alison Southwick, a spokesperson for the BBB.
The BBB also cited data showing that while the overall number of data breaches fell in 2009 compared to 2008, the number of attacks targeting businesses rose to a greater percentage of the total. The organization also cited separate data showing that companies can end up spending more than $200 for each set of compromised customer data.
One step recommended by the BBB is for businesses to establish a clear data breach notification policy that focuses on how customers will be notified in case their information is compromised. Business owners also need to pay attention to any state laws regarding how notifications must be sent to affected customers.
Another important step is for companies to train their employees how to spot breaches of sensitive financial data, and how to respond to such breaches in the process.
Business owners must also promptly notify the financial institutions that handle their payment processing about a data theft, and to immediately determine relevant facts about the incident, such as whether it was a malicious attack or an employee error.