In 2016, 82% of all Social Security Numbers were hacked more than once. By itself, though, your Social Security Number is not very useful. It is only one component of a broader group of information about you that is called Personally Identifiable Information (PII). PII is defined by the Department of Labor as “Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.”
Cybercriminals are interested in getting information about your employees and clients that they can link together to identify them as individuals. This information is then used to take on the identity of a client or employee. This identity theft resulted in the loss of approximately $16 billion in 2016. While that number is staggering, it is only the tip of the iceberg. The best estimates suggest that 900,000,000 records containing PII have been stolen in the US alone over the last several years.
This is costly not just to individuals but also to businesses. On average, a data breach will cost a company $221 per record. This number does not take into account any legal actions that may be taken against the company. In 2014, the average company spent nearly $575,000 on defense costs and paid out an average settlement of $258,000. Those numbers have only increased over the last several years, and for a small business, the chance of survival after a successful cyberattack is less than 50%. Not protecting your employees' or clients' PII is like gambling at the roulette table: eventually you lose.
As a small business, you are responsible for safeguarding client and employee information. At SaviorLabs, we are well aware of the pain small businesses go through. We get regular calls from businesses that never thought they would fall victim to cybercrime. That is why we are working together with the Enterprise Center at Salem State University to bring small businesses in the area a Free Seminar on Personally Identifiable Information. In the Seminar we will define what constitutes PII and then discuss what you, as a business owner, need to know about what client information you can store, how it must be stored, how to protect it against cybercrime, and how to create easy-to-manage compliance systems to protect yourself from potential legal action should your computer or network get compromised.