Tips to Protect Your Business and Customers from Identity Theft
If your business maintains people’s information, you must protect that information from misuse. Here are some basic tips from the Better Business Bureau, National Cyber Alliance and Federal Trade Commission.
1. If you do not need the information, do not collect it. The more information you have, the more tempting it becomes to a thief and the more damaging it is to your customers if the information is stolen.
2. If you need it once, do not save it any longer. Companies sometimes collect information that’s necessary to complete a single transaction, then file that information away (either in a paper file or in the computer file). For example, what about job applications for people you do not hire? These contain all sorts of information, including social security numbers. If you don’t keep it, it cannot be stolen. You should also have well-drafted document retention policies regarding all company and employee documents.
3. If you have got it, but you don’t need to save it, dispose of it carefully. A good deal of identity theft happens in the trash barrel or dumpster. Even the small business can afford an inexpensive paper shredder (preferably the cross-cut kind). Make sure you use the shredder to dispose of customer or employee records.
4. If you have to keep it, think security. First, make sure those paper records that contain personal information are kept under lock and key. Make sure computer terminals are password protected. Limit the eyeballs that have access to these records – only those who have an absolute need-to-know should have access to personal information. Don’t allow customers or others to wander around the private areas of your business.
5. Do not broadcast personal information. How often have you stood in line at an office or store behind someone who was being asked to give his/her social security number, telephone number or birth date? How many times have you watched a company’s employee pull up personal information on a computer screen that is visible to other customers? Or have you seen personal information on a file that was left open on a desk or counter? Instruct your employees to be sensitive to these issues. Turn computer screens so they can’t be viewed by anyone other than the operator. Instruct employees who need to have personal information to have customers jot that information down, and do not repeat it out loud where it can be overheard by others. (Dispose of the writing with a shredder). Do not put personal information like account numbers in billings or letters where that information is visible through windows in the envelope.
6. Do not use Social Security Numbers as account numbers. This practice is just downright dangerous – to you and your customers.
7. Do not give out employee or customer information to anyone whose identity cannot be positively confirmed. Information thieves and stalkers tell authorities over and over how easily they were able to obtain all sorts of valuable information simply by calling small business owners or personnel departments and asking. Posing as government agencies or credit grantors or health insurance providers, these thieves have found that a well-crafted, believable story can often get you past the best locking file cabinets or pass-word protected computers. Your organization should have very strict policies on when and how employee or customer information is shared.
8. Locks and alarms are a real deterrent. If you have done everything suggested, you will be more secure during business hours. Make sure your business is just as secure when your business is closed. Make sure all vital records and offices are locked during non-business hours. Exterior doors should have deadbolt locks. Hinges on exterior doors should be secured to prevent removal. Exposed windows should have shatter-proof glass. Your business exterior should be adequately lighted from dark to dawn. Naturally, the business should be protected with an alarm system, preferably one that is monitored by a security company. Your business insurance company — or, in some cases, your local police – may be able to assist you with a security assessment.