When we hear about the growing epidemic of identity theft on the evening news, it is typically focused on the large corporations. Yet, the news headlines can be misleading because identity theft and security breaches aren't limited to big companies.

According to a Business Week article published in July 2009, in a study conducted by Javelin Strategy & Research, small business owners are 25% more likely to be victims of identity theft. How is this fraud committed? Most commonly, small to medium sized businesses (SMBs) are compromised due to online phishing scams, improperly secured credit card transactions or the sloppy disposal of confidential documents. The thieves can be internal personnel, although other likely scenarios include third-party cleaning, maintenance, recycling vendors or external companies.

Criminals tend to find ample targets amongst the SMB sector because these relatively small companies are focused on growing their book of business and often don't have the resources that larger corporations have to combat thieves and scams. A closer look at such reasons includes the SMBs lack of:

Financial reserves. Identity theft is a cruel financial blow for any organization, but SMBs are particularly vulnerable because their financial position is often more precarious, with much smaller on-hand cash reserves to combat fraud.

Legal resources. Larger corporations typically have onsite legal teams who can provide counsel in the event of a security breach. SMBs rarely have access to such resources and support.

Standardized policies. Many SMBs are so focused on a growth strategy that internal "housekeeping" issues such as security policies and compliance requirements are often relegated to the back burner, leaving them exposed to risk.

Human resource departments. Due to their smaller size, many SMBs don't employ human resource personnel. Since the onus of keeping employee paperwork secure falls to HR, this omission can expose sensitive information to potential risks. Additionally, HR handles the screening of new hires, so without an HR department, employees may not be screened as thoroughly.

With these considerable challenges in mind, it makes sense to emphasize the importance of keeping sensitive and confidential data secure and reducing the opportunity for theft. It's also critical to balance the need of reducing this risk with finding a solution that isn't so costly that an SMB cannot afford it.

One obvious solution is to protect sensitive digital information with the latest security software and hardware. Implementing such a solution requires more than simply buying the latest software package from an office supply center - it makes sense to consult with professionals who can advise SMBs as to what they need to protect themselves and how often they need to update/upgrade the equipment.

In addition to protecting online and digital data, SMBs must consider the risk that paperwork with sensitive information contains. Confidential information left on desks, in wastebaskets, recycling bins or shredded by low-end strip shredders can be stolen, reconstructed and used by thieves. SMBs can tackle destroying the paperwork themselves, but it is time consuming and isn't cost effective to have employees spend their time shredding. Not only does an SMB need to purchase and maintain high-end shredding equipment, but also the company needs to ensure personnel can allocate time to collect and destroy the information.

Finally, both the US and Canada have enacted more stringent legislation over the last few years to combat identity theft. While these rules are essential, and designed to protect the consumer, they also increase the difficulty of staying 100% compliant. Even more difficult for SMBs, rules and regulations can vary by state!

With a clear picture of the overwhelming importance of protecting SMBs and their clients from identity theft, and the obstacles of bringing such safeguards in-house, it makes sense to consider outsourced providers such as secure paper shredding services. With state of the art equipment, meticulous screening processes and compliance methods that ensure 100% security, an outsourced shredding service can provide peace of mind without bulking up internal processes. Additionally, SMBs will have the added comfort of knowing such companies are abreast of the latest compliance and legal regulations; leaving SMBs to focus on growing their business, without the added stress of identity theft.