Data breaches like the ones that hit Target, V-Tech, the US Office of Personnel Management, and credit reporting agency Equifax have made headlines for the past few years. Each one saw millions of consumers’ personal identifiable information compromised, and the door to identity theft potentially left wide open.

Too often, mid-sized and small businesses think those big names are the only targets for hackers and cybercriminals, but that couldn’t be further from the truth. The smaller the business, the smaller the budget for security protocols and IT professionals…and data thieves know it.

Unfortunately, in many smaller businesses, there are a few key departments or employees who can be the most susceptible to attack. Given that many employees wear multiple hats in small businesses and too many people have to share network technology, the weakest link is often right inside the company, and ironically may be trying to keep the bad guys out.

1. Billing, Payroll, Accounting

Any of the financial departments in your business are hot targets for phishing attacks, spoofing, or other cybercrimes. They hold the keys to your employees’ payroll records (and Social Security numbers) and your customers’ payment methods. Common tactics have included copycat requests to change account numbers before making a deposit, instructions that appear to come from the boss and request copies of everyone’s W2s, phony invoices that are “past due,” and more.

2. Executives

It might seem laughable that a company leader would be the one to open the door to a hacker, but it’s far from hilarious. No, it’s not that the CEO doesn’t know how a computer works, it’s actually the opposite: with business leaders often working long hours and having to be “out in the world,” the advanced productivity tools that help them connect remotely to their desks back at the office can be vulnerable to hacking. Logging onto public Wi-Fiat lunch or the airport to get some work done, for example, can invite cybercriminals to steal information over the unsecured connection.

3. The IT Guys

You’d think the people who protect your company network from cyber attacks would be immune to attack, but it’s just not true. Hackers find new ways to break in every day, and new viruses and malware get launched around the clock. The people you hired to protect your network cannot possibly know every single threat out there, so they’re a favorite avenue for hackers.

These examples are just scraping the surface of outside threats, but don’t make the mistake of overlooking the “inside job” data breaches. Whether it was intentional or accidental, your employees can also be the initiator of a data breach all on their own. You can work to prevent this with ongoing security training and by limiting the access that employees have to stored data. If someone within your business doesn’t need to see HR files, tax forms, or customers’ stored information, then restrict that access to those who need it.


Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.