By Justin Leverton
The horror stories of identity theft surround us. This growing epidemic affects businesses of all sizes-from small franchise stores to multi-national corporations. Just last week, an Indianapolis retailer announced the theft of a computer server containing customer credit card information. On a much larger scale, the TJ Maxx security breach reportedly cost the company over $256 million. According to the Identity Theft Resource Center, a person is victimized by identity theft in the U.S. every two seconds! The question is not if your business will be affected, but when.
Businesses must take proactive steps to combat unauthorized access to electronic information. Otherwise, your customers may end up being another statistic and your business will face costly remediation requirements (in addition to bad PR). Here are some common sense steps to prevent data security breaches with your business:
(1) Lock up desktop computers and server rooms. Thieves often steal computers for the hardware; not the data stored on them. Nevertheless, hard drive information can fall into the wrong hands. Send a message to prospective thieves that your computers are off-limits.
(2) Don't leave laptops in parked vehicles. The most common occurrence of data security breach is a laptop being stolen out of the backseat of an unattended vehicle. While the thief may want only the laptop and not sensitive information, a stolen laptop still puts your business and customers at risk.
(3) Encrypt personal customer information. Third party encryption software is affordable and there is no excuse for not using it on all computers-or at least laptops. By using encryption software, you may not have to notify customers if the computer is stolen. The encryption software is only as good as the key; it should be given on a need-to-know basis.
(4) Don't store personal customer information if it is not necessary. Once you process a credit card transaction, is it vital to save the credit card number and billing address? If the answer is no, destroy it. There's no need to create a lingering liability for your business. Also consider using a unique customer id rather than a social security number for identifying customers.
(5) Ensure proper destruction of old computer hardware. Placing a file in your computer's recycle bin does not ensure permanent destruction of the file contents. Free hard drive scrubbing software is available on the internet. Contact a local computer repair business about safely recycling your computer hardware.
(6) Install computer tracking software on laptops. In addition to locking up your computer, you need to be able to recover your stolen laptop. Third party tracing software is available to locate your stolen/lost laptop. Once the laptop connects to the internet, it sends a signal allowing the owner to track the current location. In some cases, the software can automatically delete sensitive information when it is stolen.
(7) If your business is a target, get professional help. You have legal obligations if a data breach occurs with your business. You must notify affected individuals if their personal information becomes available to unauthorized users. With a few exceptions, notification requirements are state-specific. If you have customers in multiple states, the method and content of notification may be different. Don't navigate the spider web of legislation alone; there are professionals available.
Identity Theft is the fastest growing crime in the country. However, it remains a crime of opportunity. If you are proactive by taking some common sense steps to make it tougher for thieves to access your electronic information, you'll save your business money in the long-run. If you do find yourself a victim of a cybercrime, immediately seek professional help to minimize your liability and your customers' exposure.