Businesses sometimes adopt a head-in-the-sand
attitude when it comes to identity theft. That's good news for thieves. By
stealing the average consumer's credit card data, a thief can run up a sizeable
bill at a department store or online auction. But if the crook absconds with
corporate files, a treasure trove of sensitive information (from vendors,
customers, and employees) can be his for the taking.
Say you operate a local video store. In the
process of signing up new members, you collect sensitive information such as
credit card numbers and home addresses. One night a tech-savvy thief breaks in
and steals the store's computers, thereby gaining access to all customer data
you've collected. When the spending spree begins (and it will) and your
customers learn of this security breach (and they will), your business
reputation is headed for a nose dive.
To reduce the risk of identity theft at your
company, consider the following:
· If
you don't need it, don't collect it. The more sensitive information that's
sitting in your filing cabinets or on your computer, the more risk you run. So
don't ask for a customer's social security number and home address if all you
really need is a name and phone number.
· Limit
access. Staff should only be allowed to view information that's needed for
their particular duties. The maintenance guy probably doesn't need to know
about client health records. Perhaps the receptionist can remain ignorant about
supplier identification numbers.
· Who's
asking? Thieves often get sensitive information from eager-to-help staff
who fall for believable stories. "Miss, my mother is in the hospital and
she really needs this information for proof of insurance." When you or
your staff get a seemingly legitimate request, be sure to follow up. Call the
hospital directly before sharing information.
Identity theft is not just a problem for your
clients; it's a business threat as well.
No comments:
Post a Comment