Identity theft can have devastating financial and psychological consequences. When thieves make purchases, empty bank accounts, or take out loans under other people’s names, it can take months, or even years, for those who are victimized to restore their good credit.
Less well known is the catastrophic effect of identity theft on businesses that fail to adequately protect confidential data. “Losing” a customer’s data can result in litigation or fines, and it may irreparably damage a company’s reputation if a data breach is made public. Smaller companies, in particular, are at risk for identity theft, while larger companies have become more adept at warding off hackers and other thieves.
Here are some of the precautions you, as a business owner, can take to reduce the risk of sensitive customer data falling into the wrong hands:
- Minimize the amount and type of information collected. The theft of Social Security numbers can be particularly detrimental to individuals, so companies should use other means of identifying customers whenever possible. However, even less sensitive information, such as phone numbers and birth dates, can be tempting to thieves.
- Conduct all electronic transactions through authentication systems designed to verify that the user who accesses an account or provides information is legitimate.
- Restrict employee access. Authorize employees to view or handle data on a “need-to-know” basis. There are software programs available that allow you to monitor who is accessing data at any given point in time; store this information in case an audit becomes necessary. If an employee leaves the company, access to the company’s databases should be withdrawn immediately.
- Remind employees that phone conversations can be overheard and computer screens can be viewed by unauthorized individuals. Encourage employees to use discretion when discussing confidential information and to lock their computers when they are away from their desks.
- Protect your computer network with firewalls that create a protective barrier between your company’s network and the Internet. Available as either software or hardware, firewalls can stop potential hackers from gaining access to confidential information stored in your system.
- Use encryption when exchanging sensitive information with customers via a website or e-mail, and encrypt confidential customer data stored on servers and backup systems. Encryption software scrambles data during Internet transit, making it difficult for hackers to read any information they intercept.
- Install antivirus and anti-spyware software on all company computers. Be sure the software includes automatic updates. As an extra precaution, remind employees not to open e-mail from unfamiliar addresses.
- Store information in the most secure location possible, and properly dispose of old records. If it is not necessary to keep customer information online, store it offline in file cabinets, under lock and key. Avoid storing confidential data on discs or CD-ROMs. Hard copies of records containing sensitive information should be shredded when no longer needed.
- Protect hardware from tampering or theft. Thieves can tap into sensitive data stored on servers, hard drives, and notebooks if they find or steal the equipment. Notebooks containing sensitive customer information should not be taken outside the company, unless it is necessary to do so. Before disposing of old computer equipment, businesses should run hard-drive shredding software.
- Include as little personal information as possible in written correspondence to customers, as thieves can steal Social Security and account numbers by intercepting mail.
If a data breach occurs, prompt action will be required. Suspend the compromised accounts immediately, and shut down the systems containing the data to prevent additional theft. Notify the police and the FBI of the breach, as well as any customers who might be affected. Your company’s security systems will require thorough analysis to establish how the breach occurred, and steps must be taken to prevent future losses.