March 27, 2006
As major corporations squander customers' trust in their security measures, small businesses are being advised to tighten security and privacy procedures. The Council of Better Business Bureaus (CBBB) is launching an education effort to provide smaller businesses with the tools to lock down vital data.

Small businesses "often believe they're better protected than they really are, because they don't have in-house experts to advise them on what else they should be doing beyond locking up their storefronts," said Steve Cole, president and CEO of the Council of Better Business Bureaus.

"It's difficult for them to know where and how to access support. This makes us all vulnerable, as small businesses are a strong part of our economy. Business owners of all sizes need to be vigilant in protecting their customers, their employees and themselves," he said.

The BBB's program is designed to demystify the complexities of data security and give small businesses a non-technical roadmap to securing their customer data.

The national program includes free, easy-to-read security and privacy toolkits, with separate kits focused on customer and employee data protection. The customer data kit is available now, and the employee kit will be released in the fall.

In addition, the program will feature a downloadable "webinar" featuring key topic experts, plus ongoing updates about new security and privacy developments that affect small businesses. The educational materials are accessible online at:

The program was developed in partnership with two privacy and security experts -- Dr. Alan F. Westin, founder of Privacy & American Business, consulting with Dr. Lance Hoffman, Distinguished Research Professor, George Washington University Department of Engineering and Applied Science. Hoffman also founded GW's Cyberspace Policy Institute, serving as its director for seven years.

As a first step, the toolkits will be distributed through the 116 local Better Business Bureaus (BBB) across the country, reaching a potential audience of 380,000 small businesses and thousands of other small businesses nationwide.

The program is being supported by IBM, Visa U.S.A., Equifax, Verizon Wireless, The Wall Street Journal, eBay and PayPal.

The high profile data breaches at major corporations have largely eclipsed small business vulnerabilities. Yet, a 2005 survey by the Small Business Technology Institute reports that more than half of all small businesses in the U.S. experienced a security breach in the last year.

Nearly one-fifth of small businesses do not use virus-scanning software for e-mail, over 60 percent do not protect their wireless networks with encryption, according to the study, and two-thirds of small businesses do not have an information security plan. Small businesses, overall, make reactive purchase decisions in relation to information security, and usually purchase products only after suffering an information security incident.

"Small business owners are focused on running their businesses, but all it takes is one data breach to damage customer relationships and impact their bottom line," said Dr. Alan Westin. "Our initiative encourages small retailers to take ownership of their responsibilities, to develop a privacy and security policy, and implement an action plan that makes privacy and data protection an integral part of their everyday business operations. This will pay off for them across the board."