Identity Theft Prevention
Steps Small Businesses Make to Prevent Identity Theft
Albert Marcella
One of the most significant dilemmas facing businesses today is identity theft, the fastest growing crime in the United States according to the National Crime Prevention Council. As a business owner or head of a company, it is your responsibility to ensure that the personal information of your employees, customers and vendors doesn’t fall into the wrong hands. The repercussion for a small- or medium-sized business that is victimized by identity theft can be drastic, if not fatal. That’s why education and a plan of action to safeguard privileged information against the evolving tactics of identity theft are essential.
The first step in protecting your company is to be proactive and not wait for a situation to occur. Start with a security assessment. Ask yourself, “How effective is my company’s ability to safeguard its most critical and sensitive asset—its data? What types of data does my company collect—personal identifiable and corporate transactional—and how is this data currently protected?” Does the company have public access areas that are open to more than one customer at a time? Being cognizant of your current security posture, the sensitive nature of the data on record, and how it could be misused can be helpful in determining how to protect it.
It’s also critical to realize that identity theft comes in many forms and can attack your company at the corporate, customer or employee level. Identity theft at the corporate level has become a very real possibility with the advancement of technology and, in fact, an attacker may even use your own resources to hijack your company’s identity. By downloading logos and text from your company’s website, thieves can easily build a website similar to your own to conduct their own shady activities. Without ever knowing about it, customers will surrender their personal information to the phony site, duping not only your company, but your customers as well.
Corporate identity theft is not limited to the web, however. Company credit information should also be closely monitored. Paying bills with corporate account information through unsecured mail, or sending employees on travel assignments with company credit card information and not training employees on how to protect this sensitive information, are both ways that companies increase the odds that information will be lost or stolen.
Online bill paying should be conducted through a secured system, employing at minimum, basic encryption techniques. All corporate mail, deemed sensitive or containing sensitive information, should be sent via a bonded courier; surface mail should be deposited into a secured box for either internal pickup or a U.S. Post Office collection box, and not simply left in common areas or in general unsecured “mail drop stations” within the organization.
Employees should be educated in the various means and methods used by identify thieves to steal valuable personal information. Those employees who travel on company business are targets of thieves who may attempt to steal company account numbers, passwords, credit card numbers, etc., all in hopes of passing themselves off as a “legitimate employee” to an unsuspecting third-party. Employees should be trained to be ever vigilant; practice due diligence when disclosing any information considered sensitive that may be overheard in a public area; never leave sensitive materials unsecured in hotel rooms or in client offices; and encrypt and password protect all critical and sensitive files on any electronic device that accompanies the employee “into the field.”
While maintaining a watchful eye on its own assets, a business must also keep secure the personally identifying data that it collects about its customers. Again, education is key to alleviating the chance of identity theft occurring. Educate the people who are in charge of data and implement good security policies and procedures that employees must follow. Make them aware of the security risks; how to identify someone skillfully trained to steal information; to keep file drawers locked, passwords private, and folders with valuable data off of desks when unattended. Be aware of your surroundings by positioning a computer screen to keep passers-by from looking over your shoulder and sneaking a peak at private information. Beyond the financial implications a business suffers from “losing” a customer’s personal information, consider the immeasurable damage to your company’s image from losing the trust of that customer, or customers, due to theft of confidential and sensitive data.
While recognizing that your customers are at risk, you must also be sympathetic to the fact that, so too are your employees. The consequences of such a crime can be devastating on a personal level, and can result in time out of the office closing accounts or working with law enforcement officials and financial institutions, and can create a general lack of productivity. To combat the problem, consider offering an Employee Assistance Program (EAP) that teaches simple methods to avoid becoming a victim. EAPs teach employees to not throw receipts in the garbage, but rather shred important documents that are no longer of use; be careful of online purchases and use a separate, low dollar amount pre-authorized credit card to make online transactions. This will assist in tracking potentially suspect, unauthorized uses of the employee’s card, and keep the employee’s primary card and its information more secure. The benefit of such an EAP program is that it teaches employees how to handle their personal information appropriately and reduces the risk of lost productivity that a company might experience as a result.
A little training and education about identity theft can go a long way to helping ensure that your company doesn’t become a statistic of this developing crime. Businesses must weigh the cost of training employees and being proactive in order to prevent identity theft against the possibility of losing customers, tainting a company’s image, facing litigation and fines or possibly even having a company fold.
Post a comment