Identity Theft a Huge Problem for Small Businesses

07/02/08 - 11:45 AM EDT

Lan Nguyen

Identity theft is a multibillion-dollar problem affecting 8 million people a year. But experts say it isn't just a consumer issue. In the thousands of cases prosecuted by the U.S. Secret Service in the past six years, half of the time, it was businesses that provided the entry point for thieves, according to Sai Huda, CEO of Compliance Coach, makers of Web-based compliance tool CompliancePal.

Adds Tracy Coenen, a forensic accountant and certified fraud examiner for Sequence Inc., "I get scared for small businesses because they are not thinking about this issue. I think they are more vulnerable because they're not taking any basic steps." Too often, businesses hire her to deal with fraud, not to prevent it.

So while all the attention has been paid to consumer identity theft, small businesses have become more attractive to identity thieves because the rewards are greater.

Here are eight steps you must take to protect your customers, and yourself:

Adopt a Need to Know Policy

As you build up your customer base, collect information that is only necessary to conduct your business. That way, says Jay Foley, executive director of the nonprofit Identity Theft Resource Center, you can't be held responsible should their information get stolen. So if you don't need someone's social security number, don't ask for it.

Arrange Data

If you must collect sensitive personal information, organize customer data in such a way that only highly confidential information is protected. Gary Nutbeam, owner of computer consulting firm Across the Big Pond, recommends creating three levels: unclassified (information that anyone can see), classified (semi-sensitive information like an internal memo on benefits) and secret (data like customer contracts).

"It is impractical to fully protect everything," adds Nutbeam. "You can keep costs down by putting your effort toward protecting the most sensitive data."

Ask and Don't Tell

To further lower your liability, limit company access to customer information. It could be as simple as locking up confidential files or databases and giving one or two essential employees the key or their own unique user I.D. "If a user I.D. is shared, it's impossible to know who really accessed the data," says Nutbeam.
< Previous
1 2 3
Your Recent Quotes: Quote Up0 | Quote Down0
 
Dow S&P 500 NASDAQ
Oil*
65.43
8,280.74
896.42
1,796.52
10 Yr
3.50%
223.32
26.91
49.20
-2.63%
-2.91%
-2.67%
Data delayed 20 min
Get Jim Cramer's Free Newsletter

The Daily Booyah!
Get your daily dose of Cramer in your inbox.
Submit
We respect your privacy.

Premium Stock Ideas
Access Action Alerts Plus to find out Cramer's latest picks now!

Brokerage Partners