Over the past month, we've talked about combating
personal
identity theft, including financial
and medical
fraud. But
as professionals, primarily
solopreneurs and small business owners, we need to be cautious about
the
ever-increasing occurrences of business identity theft.
Bbusiness ID theft (by thieves posing
as you
or as valid customers) can ruin your commercial credit
ratings, incur huge
fraudulent expenses,
allow fraudulent loans
obtained in your company's name and
destroy your business
reputation.
Armed with just a business owner's Social Security number,
a thief
may be able to steal your clients' and
employees' identities or sell your confidential business information.
But protecting your SSN isn't nearly
enough. A crime
called "business
bustout" entails a criminal renting space in your building (hear that,
home-based apartment-dwelling business owners?) and applying for credit
in your
company's name. The
almost
identical address, differing only by suite or apartment number, may
pass the
credit check. The
thief can then
use credit in your name, or equally frightening, sell the cards to
other
thieves.
And, of course, thieves can just
emulate your letterhead or
your online logo/website and start committing various frauds while
pretending to be you. Yikes! Indeed, Robert Siciliano,
a business
identity theft expert and CEO of Boston-based IDTheftSecurity.com,
reports $50
billion in losses for businesses each year, and small businesses are
being
targeted more often than individuals because business credit lines have
higher
limits. Organize and prioritize to protect yourself:
FINANCIAL ISSUES
1)
Maintain
a separate business credit history by applying for a federal
tax employer
identification
number (EIN) and seeking all loans and capital under this
number. Many
advisors urge setting up your
business as an LLC or corporation to offer you greater protection.
2)
Monitor
your business credit by subscribing to a credit monitoring
service. While
checking your personal credit
history a few times a year will suffice and can be done manually,
personally monitoring your business identity theft can be
exhausting--delegate!
The four business credit reporting agencies are:
Business Credit USA
Dun
& Bradstreeet
Equifax
Business
Experian
Business
3)
Place
a freeze on your business credit (preventing others from
securing credit in
your name) if you won't need new credit lines soon. Don't be
so greedy for new business that you open yourself
to fraud.
4)
Don't
get fooled, and don't get phished!
Don't get conned into giving out
confidential information
over the phone or via the web. If
someone alleging to be front your bank or vendor contacts you, unless
you know
the individual personally, hang up and call them back (from a secure
land-line)
at the number you have in your records.
Similarly, the IRS and your bank won't be contacting you
via email with
personal letters—always log in from your bookmarked URLs or type them
yourself.
Also, be suspicious of large, odd or
international orders,
especially those coming over the internet.
5) Check
references of new vendors, especially those without a
prominent and
well-established reputation.
PHYSICAL SECURITY ISSUES
6)
Secure the premises.
Having an alarm system (whether you
have a home- or
office-based business) with a prominently displayed warning from the
security
company deters criminals. Install
deadbolts for external doors, and talk
to your security company about improving the security on first-floor
exposed windows. Options include shatter-proof glass, special
films,
bars and other nifty gadgets.
7)
Secure maintained records.
Store all of your tangible business
records (customer/client
records, employee data, banking records) in locked filing cabinets, and
lock
the cabinets whenever you are away.
Electronic database backups are best maintained in your
company's safe
deposit box at the bank; barring that, use a locked, fireproof safe.
8)
Secure discarded records, too.
There are too many vital pieces of
client, employee and company
information in the papers you discard.
Shred
anything remotely sensitive.
If your company is small enough (i.e., just you and maybe
an in-house
assistant), a shredder from the office supply store will suffice. Once your business grows,
you'll want
to investigate the services of a respected mobile or off-site shredding
company like
Shred-Pro
or ShredIt,
which offers certified document destruction.
9)
Guard
your mailbox.
If the bad guys can steal your mail,
they can obtain
important financial info. Invest
in either a post office box for your company or locked
mailbox.
DIGITAL SECURITY ISSUES
10)
Be vigilant about computer and data
access
Who wanders through your
office? Customers, vendors, consultants? Friends and family,
maintenance staff
and colleagues? Even
in a home
office, where only the UPS guy, babysitter and pizza delivery gal see
your
desk, it's crucial to protect sensitive data from disclosure—whether
that's your SSN or EIN and bank data,
clients' proprietary information or personnel files. The more
clutter in
your desktop environment, the harder it is to know when something is
missing or if prying eyes have settled on them.
Secure laptops with security
cables and desktop computers with passwords (and firewalls). Don't post
sensitive information on
your walls and the periphery of your computer screen! (Take a
look around—can you see your IDs &
passwords, account numbers or intellectual property? Then so can
everyone
else!)
Maintain firewalls, encrypt your
information, and protect
your web site and e-mail accounts from hackers.
Regularly check for "holes"
in your wi-fi network, your shopping cart or other security
pitfalls. Make friends with a security guru in your networking group!
11) Watch
your staffers.
An estimated 70% of identity crimes
in the U.S. start with
the theft of personal data by an employee, according to a study by
Michigan
State University. Instead of stealing merchandise, many employees steal
data
and get money. As
they say,
"trust, but verify".
Do all your staffers need to be able
to access programs or
databases that may contain sensitive information? Password protect
these and
prioritize what documents are accessed on a need-to-know basis. And if an employee leaves,
even under
pleasant circumstances, change any passwords to which she or he had
access.
12)
Communicate
with your clients frequently (via newsletters, blogs,
podcasts and other
measures) and request that they report any attempted spoofing or
phishing.
13)
Google
your company name often, or better yet, set up Google Alert
for your company's names and
brand names. This will alert you
to any potentially fraudulent use of your identity. Also
watch for unauthorized sites mirroring
your own site.
14)
Keep a watchful eye
for pirated content.
While
it's not as economically serious as stealing your credit or your good
name, some of the bad guys are using your expertise to build their own
(purloined) good will. To make sure the content of your
articles
and blogs are not being plagiarized, monitor your work at CopySentry's
free Copyscape
search or through their ongoing services.
For further
resources on business identity theft, check out:
--
Julie Bestry, Certified Professional Organizer®
Best Results Organizing
"Don't apologize. Organize!"<
organize@juliebestry.com
Visit http://www.juliebestry.com
to save time and money, reduce stress and increase your productivity
Private Reply to Julie Bestry (new win) |