When your business's rubbish is disposed of each day, is it secure?
It might sound crazy, but there are enterprising crooks out there prepared to troll through your rubbish to see if they can piece together enough information to replicate your business' identity or that of your customers, to banks and other businesses. Debts are then incurred in the name of your business, and the crook gets away with the good or service they purchased.
With this in mind, what can you do to safeguard sensitive information in your business?
-
Maintain confidentiality
Keep confidential information in a safe place and ensure only authorised staff have access to it. Properly dispose of documents by shredding or via a secure rubbish disposal service. -
Guard your mail from theft
Deposit outgoing mail in post office collection boxes or at your post office, instead of an unsecured mailbox. Remove mail from your locked letterbox promptly, or subscribe to a PO Box service at your local post office. -
Keep your credit card safe
Don't let your credit card out of your sight. Thieves can use handheld magnetic card readers to obtain personal information off the magnetic strip on credit and debit cards. -
Secure personal documents
Don't leave personal documents that contain your address unattended, including in your car. -
Set up and use passwords
Secure your handheld electronic devices such as mobile phones and PDAs by setting up a password to access them. Stolen devices will be useless to thieves without the correct password. -
Prevent unauthorised access to your computer
Some viruses can cause your computer to send your information to unknown parties. To help prevent such viruses, update your virus protection software regularly. Don't download files from strangers or click on links from people you don't know. Use a firewall, especially if you have broadband or "always on" connection to the Internet. -
Take care when transmitting personal information
Use a secure browser when surfing the web. When submitting personal information on a website, ensure there is "lock" icon on the status bar. -
Beware of "phishing"
Phishing is the practice of sending bulk e-mail or pop-up messages that deceive businesses into disclosing their account numbers, passwords, and other confidential information. This often occurs through e-mail requests to "update" or "validate" records or accounts.
The message may direct you to a web site that looks just like a legitimate business web site, but it isn't. To help address this, do not give confidential information to someone who has called or e-mailed you unsolicited.
Legitimate companies do not solicit information in this manner. Instead, confirm the legitimacy of the request by phoning or e-mailing the company first, using contact information on your account statement or in the telephone book. -
Don't store sensitive information on your laptop
Laptops are easily stolen. Avoid using a feature that automatically saves your user name and password on your laptop, and always log off when finished. Dispose of computers you no longer use, properly.
Delete any personal information stored on your computer before disposing of it, by using a "wipe" utility program which overwrites the hard drive. -
Maintain accurate records of your banking and credit card accounts
A missing statement may mean that someone has obtained and re-routed your account and financial information. Review your statements regularly and ensure all transactions relate to your business. -
Thoroughly review all accounts before remitting payment
Is every invoice in your business legitimate? Unauthorised charges may be the first sign of identity theft.
Having procedures in place to validate that goods and services have been delivered to your business, and were approved in the first place are critical. In many cases, the crooks target small value invoices on the belief that your staff won't notice or question a charge.
SMEs don't need to be paranoid about identity theft, just vigilant. Putting in place these basic practices will assist in protecting your business.
Top of page