On September 7, news sources across the country revealed that credit reporting giant Equifax had been breached.
This meant that personal data such as Social Security Numbers (SSN) and driver’s license numbers were compromised for roughly 145 million Americans.
The New York Times was one such source, calling this “one of the largest risks to personally sensitive information in recent years.” And though this particular hack has shaken the nation and caused a stir, the reality is that identity theft is a huge issue on a daily basis.
Here’s what you need to know in the wake of the breach as an individual massage therapist and if you are a small business owner.
The Truth Behind Identity Theft
“Identity theft impacts everyone, regardless of your income,” says Kamil Faizi, identity theft protection specialist with ID Shield. In fact, approximately 17.6 million adult Americans—which equates to roughly seven percent of the population—find themselves victim to identity theft annually according to the Bureau of Justice Statistics.
Statistic Brain breaks this down further, noting that the average financial loss per incident is $5,130. Additionally, people in the 18 to 24 year age range tend to be hit with identity theft most often (with 35- to 49-year-olds next), and typically hackers strike by using an already-open credit card or bank account that is in the person’s name.
While this is bad enough on its own, the problem is compounded even more if you own your own business, as one Computerworld survey found. Out of 583 businesses surveyed, 90 percent admitted that their systems had been breached at least once during the last year.
“For massage therapists, this means more risk because personal information of employees and customers is involved, in addition to the business itself,” says Faizi.
Not only can this erode client trust, the costs can be astronomical. For instance, the 2017 Ponemon Institute Cost of a Data Breach Study found that the average data breach costs a company $3.62 million.
Of course, if you’re a solo therapist or run a small massage therapy business, you may not stand to lose this much, but the study also found that the average cost per record breached was $141. Considering the number of clients you have, the amount of money you’d have to pay out if compromised can quickly add up.
So what can you do if you’re concerned that Equifax or some other type of breach compromised your information with a company that you regularly do business with?
How to Tell If Your Information Has Been Compromised
“It is not hard to tell if a business owner has been compromised,” says Faizi, as “business identity theft is no different than personal identity theft. Thieves aim to steal sensitive information such as bank account [information] and financials.”
The key, says Faizi, is to “keep on top of your free credit score through Credit Karma or a similar service, as well as staying on top of bank account statements.”
This makes it easier for you to quickly tell if something appears amiss or to find a potential sign that your information may have been compromised.
Alayna Pehrson, digital marketing strategist and manager of Best Company’s identity theft vertical, adds that although business owners can go to the site Equifax set up and enter the last six digits of their SSN’s, this “may not be the best route.”
The reason for this is because “giving away the last six digits of your SSN instead of the last four is never recommended,” says Pehrson. Instead, you may want to simply “wait for a letter in the mail from Equifax” telling you if you were affected, Pehrson says.
Actions to Take After a Real or Suspected Identity Theft Incident
Whether you suspect that your business database has been breached or you find out definitely that your information has been compromised, Pehrson says there are a few actions you can take.
These include placing a fraud alert on your credit, freezing your cards and immediately enlisting the help of an identity theft service or credit monitoring service to better watch your information for any suspicious behavior.
The Federal Trade Commission (FTC) also has great resources says Faizi. For instance, included on their identity theft information page are some frequently asked questions and links to other relevant sites and pages you may want to visit if you believe that your information has been compromised.
Faizi also recommends reporting any discrepancies to Dun & Bradstreet or any major credit reporting bureau, as well as your bank.
“Credit and billing companies should be contacted to notify them of possible fraud and theft,” Faizi adds.
Reducing Your Risk of Identity Theft in the Future
Of course, the best way to solve a problem is to prevent it in the first place, and there are several measures you can take to reduce the likelihood that your business will be hit by hackers.
“The first thing that is highly recommended is enrolling in identity theft protection insurance,” says Faizi. This is especially true for the employees. This way if any information has been stolen, at least the matter can be mitigated and will not worsen.
Other tips that Faizi says can lower your risk of future identity-theft related issues at your business include:
- Using a payment processor that offers advanced encryption security and processes payments offline
- Keeping company documents and files in a safe, secure location
- Shredding financial statements versus throwing them straight into the trash
- Keeping customer financial information secure, both online and off
- Using passwords to protect sensitive information
- Signing up for a strong antivirus internet security program that protects the computer as well as protecting the internet when browsing online
- Checking bank statements every time they come out for the month
- Ensuring that the business website has an HTTPS certificate (which shows that there is a high security rating, making it harder for a website to be hacked)
Though many business owners feel defenseless against hackers who are intent on breaking into their system, the reality is that the harder you make your business to be a target, the more likely it is they’ll bypass you and move on to an easier target.
That makes implementing suggestions like these critical to not only protecting your own data, but the data of those you serve. It can save you a lot of time, aggravation, and money in the long run.
About the Author
Christina DeBusk is a freelance writer dedicated to providing readers relevant, research-backed content related to health and wellness, personal development, safety, and small business ownership.
If you enjoyed reading this MASSAGE Magazine online article, subscribe to the monthly print magazine for more articles about massage news, techniques, self-care, research, business and more, delivered monthly. Subscribe to our e-newsletter for additional unique content, including product announcements and special offers.