These days you don’t have to look far to find stories of identity theft caused by breaches of business data. Could it happen to you? Have you taken steps to secure the information your company collects?
What’s at risk? You probably accumulate confidential information in several areas of your business. For instance, payroll files contain personal details such as employee social security numbers, birthdates, and health insurance records.
In addition, you may maintain databases that include the names, addresses, phone numbers, and credit card numbers of customers and vendors.
If that information falls into the wrong hands, the finances and credit of your employees, vendors, and customers, as well as the reputation of your business, could be compromised.
How can you protect your data? Start with simple, common sense steps. For example, avoid putting critical information on easily portable media such as laptop computers, thumb drives, diskettes or tapes. To secure company servers, use lengthy alpha-numeric passwords and change them often. If you store paper records in a file cabinet, keep it locked.
You can also enlist the help of your employees. Ask them to practice clean desk policies, and make them aware of phishing schemes. For telecommuters, establish and enforce a company ban on transferring sensitive information to home computers.
What should you do if you suspect a breach of data? Call your local police department and file a report. You can also contact the local office of the FBI or the US Secret Service. Report incidents involving mail theft to the US Postal Inspection Service.
Notify all the people affected by the breach, and give them the name of a contact person in your business who can provide assistance and information. The US Federal Trade Commission offers a sample letter you can use, as well as a pamphlet explaining the steps that victims of identity theft should take to mitigate damage.
You may also want to contact your business attorney to find out if federal and/or state laws call for additional specific actions that your business needs to take.