Identity theft is growing. From shoulder surfing (where an identity thief looks over your shoulder to see your PIN number) and stealing credit card numbers from the mail, dumpsters or handbags, criminals are developing ever more sophisticated identity theft techniques, such as hacking into databases and phishing (sending bogus email from a company that appears legitimate in the hopes of collecting your personal information).
And identity theft leads, of course, to identity fraud, the deceptive use of another person’s identity for financial gain.
As small business owners, we can no longer afford to be lax about protecting our customers' personal information – and our own.
Two Basic Rules of Identity Theft Prevention
First, to prevent identity theft, we need to follow basic security practices to physically protect our customers' personal information and other business data.
Secondly, we need to ensure that our information systems, such as computer networks, aren’t open targets for identity theft.
What can Businesses Do to Prevent Identity Theft?
1) Secure your business premises with locks and alarms.
Alarm systems are effective deterrents to criminals thinking of breaking into your business, including those intent on identity theft – especially alarm systems that are monitored by a security company. Make sure external doors have deadbolts and that exposed windows are secured with security film, bars, screens or shatter-proof glass.See Building Security 101 (About.com Business Security).
2) Put your business records under lock and key.
Store your physical business records, such as customer records and other data on paper, in locking filing cabinets – and lock the filing cabinets at night, or at those times during the day that you and your staff will not be "supervising" access (such as lunch time). Put copies of system and database backups and important business data in your safe (or in your security deposit box at the bank if you don't have an on-site safe). Learn how to set up an effective backup system here.
3) Shred, shred, shred.
Business records of any kind should never just be tossed into the trash or recycling bin where they can become a bonanza for criminals intent on identity theft; instead, all business records that you no longer have a use for should be shredded. Businesses that operate out of small and home offices can buy inexpensive shredders at any office supply store; for businesses with volumes of material to be disposed of, there are shredding services that will come and do what needs to be done.
Pay special attention to the mail, a favourite source for identity theft. Anything that has your name and address on it should be shredded, and that includes most bills.
4) Be cautious on the phone.
It’s easy for someone to pretend to be someone they're not on the phone. Whether it’s someone who wants personal information on a particular customer, or someone who claims they need to verify one of your personal accounts, don't give out information over the phone unless you can positively confirm the caller's identity.
"Information thieves and stalkers tell authorities over and over how easily they were able to obtain all sorts of valuable information simply by calling small business owners or personnel departments and asking. Posing as government agencies or credit grantors or health insurance providers, these thieves have found that a well-crafted, believable story can often get past the best locking file cabinets or password-protected computers," warns the Better Business Bureau.
5) Limit access to your computers.
Your computer network needs to be password protected (About.com Internet/Network Security), of course, so that anyone who wanders through your office can't just access your network. But you also need to consider issues of internal network access. Does every employee need to be able to access programs or databases that may contain sensitive information? Password protect these, too, and grant access on a "need-to-know" basis to help cut down identity theft.
Continue on to the next page to read about five more ways that you can prevent identity theft.