The Next Crisis Facing Small Business
- Published on January 31, 2008
- Written by Mike McClain, Senior Web Designer & Site Manager
When this disaster strikes home, business owners – especially small-business owners – can suffer huge losses in financial assets, reputation, banking relationships, vendor relationships, and customer relationships.
This simple and usually undetected dishonest act can destroy a business!
Business owners spend money on virus prevention and data backup, but
what about information theft, which includes computer data as well as
paper-based information acquired from inside the organization?
Information theft can be the theft of the business owner’s identity or it can be the theft of information from the small business itself and/or about its customers. Did you also know that in half of the instances where the perpetrator is known, ID and/or information theft is committed by someone close to the victim?
The press has been reporting numerous examples of stolen, misappropriated, and lost credit card information on millions of people in America. It is outrageous for some of the largest financial services companies to have such a reckless disregard for critical information entrusted to them by consumers. But these mistakes, accidents, and acts of dishonesty can affect even the smallest of businesses with substantial impact on consumers. Seventeen percent of personal ID theft occurs by someone at the workplace of the victim.
What will you tell your banker when your personal credit rating goes down because your identity was stolen and your personal guarantee is on the company’s borrowing? What will you tell your customers who buy from you with credit cards when your IT system is breached or your paper records are stolen or copied and their identity has been stolen? What will you tell your vendors when you cannot pay for the goods or services purchased by you on behalf of “customers” who may have made their purchases with stolen credit cards and now you get charge-backs from the credit card companies of the real credit card owners?
You bought fire and liability insurance to protect the company’s assets from casualty losses. What type of insurance did you buy for this type of problem? Is there any? Can you afford it? Hacker insurance and Internet liability coverages are like a spare tire with no air in it. You need it now, not later!
However, this is not an insurance problem. It is a risk management issue. It is preparedness for a disaster or crisis issue. How will you continue your business and recover from the losses you suffer, economic damage, damage to your reputation, and replacement of lost opportunities? What if a competitor accesses your database and has access to your customer list, accounts receivable, or payables list or other proprietary information?
You need to identify the problem now, quantify the risk potential, and establish a preparedness plan to deal with it immediately upon discovery. Small business owners are not used to being on guard and watchful of potential disasters until an event occurs that motivates a call to action. It has been estimated that approximately 40 percent of businesses that suffer a disaster or crisis never recover. Many never survive a year after the crisis.
There are many ways to protect your most important business asset, your information (data), but here are just a few simple tips to get started on a preparedness and prevention program:
- Review your business operations and identify your information theft exposures, evaluate hiring procedures, and develop an awareness culture
- Encrypt data on laptops, desktops, networks, and remote access devices
- Use and update security software
- Save data daily to networks, especially off premises using third-party vendors
- Conduct background checks on new hires
- Terminate access to data systems when employees leave employment
- Restrict access to sensitive data
- Don’t discard hardware until all data has been removed
- Restrict and protect access codes and passwords
- Train employees about privacy, security, and to recognize unusual activity and transactions
- Use shredders liberally and frequently for unneeded paper documents
- Get prepared for a breach of security; have a plan and a team to implement it
Remember, prevent a fraudster from accessing information, changing
an address, or perhaps using your company’s credit information
to set up accounts and make transactions that you don’t know about
until the bills start coming in or the phone calls from creditors alert
you to the fraud. Products and services may be purchased, delivered
to a phony address, and perhaps the merchandise then returned for cash
The key to minimizing identity and information theft is vigilance, good business practices, and preparedness.
Norris L. Beren is the executive director of the Emergency Preparedness Educational Institute and the author of “When Disaster Strikes Home!” He is the host of The Preparedness Report online at WGPNRadio.com. He may be contacted at Norris@getprepared.org.
"Appeared in DRJ's Winter 2006 Issue"