Aaron Reiter By Aaron Reiter • December 18, 2017


4 Minute Read
It can be very easy for small business, including collection agencies, to think they are too insignificant to be hacked or that they need to worry about a data breach. But they would be wrong. 
According to a 2017 Symantec internet security report, in the past 8 years, 7.1 billion identities have been exposed in data breaches. More specifically, from 2014-2016, 2.9 billion identitities were exposed through 3,943 verified breaches. These numbers are likely low because small businesses tend to withhold reporting of data breaches. Considering small businesses constituted some 43% of cyberattacks in 2015, this segment needs to be vigilent.  What makes it worse for small businesses, especially those that are hacked, is that 60% of them close within six months of the attack because they lack the resources to manage and recover from it. Worldwide spending on information security will top $96 billion in 2018, according to Gartner, a research company. That figure is 8% higher than what was spent in 2017. 
 "We've only seen the beginning. Cybercrime is big business...and it's very high-payoff, low-risk crime...we've seen nothing yet." 
-Dr. Eric Cole
Dr. Eric Cole, a cybersecurity expert who has advised some of the most powerful individuals in the world including former president Bill Clinton and Bill Gates, said, "We’ve only seen the beginning",  in an interview with Fox Business. He went on to say, "Cybercrime is big business...and it's very high-payoff, low-risk crime...we've seen nothing yet." 
Thinking that you don’t have anything of value, or that you are a not a target because you are a small business is shortsighted and incorrect. First of all, experts stated small businesses are prime targets precisely because they don't have the resources to put strong protections in place. Besides, how will a hacker know if you have anything of value until after they’ve penetrated your firewalls and taken an inventory. 
Feeling nervous? Well, the question isn't whether you think you have anything worth hacking or not. The question is: do hackers think you have anything worth hacking? And if they think you have have credit card numbers, Social Security numbers, or any other forms of personal identification that can be ransomed or sold off, then you should be worried. Gee whiz, why would a hacker ever think that a collection agency, which makes its money by tracking down individuals and taking payments from them, would have that kind of information?
Your customers are figuring this out for you, especially if they are in the financial sector or handle any government data. If you want to work with larger companies or smaller organizations that think big, having robust information security systems are a prerequisite today. 
There are ways to cost effectively invest in data security and compliant protection measures without recreating the wheel on your own. This problem has been addressed and there are reasonably priced resources available to you and your agency. Start with your software platform. You run your business on your software and the location where that program and database(s) reside should be your first focus.
If you have a server down your hallway, in the basement, up on the second floor to protect it from flood water, you're not as secure as you could be. If your company is using a local data center and you are responsible for maintaining the firewalls and performing the penetration testing, you're not as secure as you could be. And if your data backup protocol is putting a portable hard drive in your briefcase at the end of the day to take home, don't admit it. Definitely not compliant. 
The threat of a data breach is real. Strong information security protocols are essential to staving off a disaster that may cost you a client. Or worse yet, your company. This has become a necessary expense, and the most expensive way to do it is by creating your own stand-alone network you have to secure by itself. Web computing, especially through platforms like Amazon's AWS cloud computing platform, are both cost-effective and highly secure.
Finding a web-based software provider with strong, documented "inherited security" advantages to customers can spread both the protection standards and the costs assocated to its customers, making those expensive investments more palatable for everyone. The added benefit to the collection agency is the security standards and annual audit certifications are handles by experts, allowing you to concentrate on what you do - which isn't filling out endless PCI and SOC audit forms.