Washington D.C. - March 27, 2006 - The Council of Better Business Bureaus (CBBB) and Privacy & American Business (P&AB) today unveiled a new national education initiative geared toward helping small business owners improve their security and privacy readiness in a climate of data exposure risks.
"Small businesses aren't quite in step with their larger industry counterparts in addressing data security," said Steve Cole, president and CEO of the Council of Better Business Bureaus. "They often believe they're better protected than they really are, because they don't have in-house experts to advise them on what else they should be doing beyond locking up their storefronts. It's difficult for them to know where and how to access support. This makes us all vulnerable, as small businesses are a strong part of our economy. Business owners of all sizes need to be vigilant in protecting their customers, their employees and themselves."
Entitled Security & Privacy - Made Simpler ™, the BBB's comprehensive initiative is designed to demystify the complexities of data security and give small businesses a non-technical roadmap to securing their customer data. The national program includes free, easy-to-read security and privacy toolkits, with separate kits focused on customer and employee data protection. The customer data kit is being released now, and the employee kit will be released in the fall. In addition, the program will feature a downloadable 'webinar' featuring key topic experts, plus ongoing updates about new security and privacy developments that affect small businesses. The educational materials are accessible online at: www.bbb.org/securityandprivacy.
The program was developed in partnership with two nationally-recognized privacy and security experts -- Dr. Alan F. Westin, founder of Privacy & American Business, consulting with Dr. Lance Hoffman, Distinguished Research Professor, George Washington University Department of Engineering and Applied Science. Hoffman also founded GW's Cyberspace Policy Institute, serving as its director for seven years.
As a first step, the toolkits will be distributed through the 116 local Better Business Bureaus (BBB) across the country, reaching a potential audience of 380,000 small businesses and thousands of other small businesses nationwide. To dramatically extend the reach of the toolkits to the small business community, the BBB engaged key corporate sponsors to participate in all levels of the program, and distribute the toolkit to their own small business customers. To date, the program is supported by IBM, Visa U.S.A., Equifax, Verizon Wireless, The Wall Street Journal, eBay and PayPal. Each of these companies has demonstrated their commitment to working with businesses of all size to address the growing problem of data security.
The high profile data breaches at major corporations have largely eclipsed small business vulnerabilities. Yet, a 2005 survey by the Small Business Technology Institute reports that more than half of all small businesses in the U.S. experienced a security breach in the last year. Nearly one-fifth of small businesses do not use virus-scanning software for e-mail, over 60 percent do not protect their wireless networks with encryption, according to the study, and two-thirds of small businesses do not have an information security plan. Small businesses, overall, make reactive purchase decisions in relation to information security, and usually purchase products only after suffering an information security incident.
"Small business owners are focused on running their businesses, but all it takes is one data breach to damage customer relationships and impact their bottom line," said Dr. Alan Westin. "Our initiative encourages small retailers to take ownership of their responsibilities, to develop a privacy and security policy, and implement an action plan that makes privacy and data protection an integral part of their everyday business operations. This will pay off for them across the board."
Making Cumbersome Issues Manageable
The Security & Privacy - Made Simpler initiative has been specifically designed for small business owners. "The goal is to make the issue less intimidating, and point them in the right direction," Cole said. "We have broken down complex and cumbersome concepts into manageable action steps."
The information, available at www.bbb.org/securityandprivacy, emphasizes the importance of a comprehensive security and privacy plan, and takes both an offline and online security approach by reminding small business owners that simple steps -- like shredding documents, spot-checking employees' backgrounds, and not responding to phishing e-mails -- are just as important as buying new security software.
Included in the information:
- Illustrations of low-tech and high-tech data theft, from dumpster diving and employee theft to phishing and hacking…and steps for prevention;
- Checklists for everyday security practices, such as restricting access to sensitive records, keeping emails free of personal information, and training employees on new privacy and security policies;
- Common sense advice, such as "if you don't absolutely need a piece of customer information, the best policy is, don't collect it," and "if you possess customer data you no longer need, discard it-securely;"
- Practical guidance on whom to notify in the event of a data breach, from law enforcement to potentially-exposed customers.
About The Council of Better Business Bureaus
The Council of Better Business Bureaus is the umbrella organization for 116 Better Business Bureaus (BBB) across the US. Founded in 1912, the BBB is supported today by more than 380,000 business members - ranging in size from local enterprises to multinational corporations. The BBB is dedicated to advancing trust between businesses and consumers, deepening consumer confidence, and contributing to a flourishing marketplace. This is accomplished through a range of programs and mechanisms, designed for the constituencies they serve, and are modified over time to meet the changing needs of consumers and businesses.
About Privacy & American Business and Dr. Alan F. Westin
Privacy & American Business is an activity of the Center for Social & Legal Research, a non-profit, non-partisan public policy think tank that has been exploring U.S. and global issues of business, consumer and employee privacy and data protection since its launch in 1993. Dr. Alan Westin, Professor of Public Law & Government Emeritus, Columbia University, and President and Publisher of P&AB is recognized globally as one of the leading authorities on privacy and data security. His books beginning in 1967 are pioneering studies. Over the past forty years, Dr. Westin has been a member of federal and state government privacy commissions; served on the committee that created the first Privacy Act of 1974; is an expert witness before state and federal legislative committees and regulatory agencies; the academic advisor to Louis Harris & Associates (since 1978) for 60 national public opinion and leadership surveys on privacy, and an advisor to businesses on the issues of privacy and data protection.