Identity Theft a Huge Problem for Small Businesses

07/02/08 - 11:45 AM EDT

Identity theft is a multibillion-dollar problem affecting 8 million people a year. But experts say it isn't just a consumer issue. In the thousands of cases prosecuted by the U.S. Secret Service in the past six years, half of the time, it was businesses that provided the entry point for thieves, according to Sai Huda, CEO of Compliance Coach, makers of Web-based compliance tool CompliancePal.

Adds Tracy Coenen, a forensic accountant and certified fraud examiner for Sequence Inc., "I get scared for small businesses because they are not thinking about this issue. I think they are more vulnerable because they're not taking any basic steps." Too often, businesses hire her to deal with fraud, not to prevent it.

So while all the attention has been paid to consumer identity theft, small businesses have become more attractive to identity thieves because the rewards are greater.

Here are eight steps you must take to protect your customers, and yourself:

Adopt a Need to Know Policy

As you build up your customer base, collect information that is only necessary to conduct your business. That way, says Jay Foley, executive director of the nonprofit Identity Theft Resource Center, you can't be held responsible should their information get stolen. So if you don't need someone's social security number, don't ask for it.

Arrange Data

If you must collect sensitive personal information, organize customer data in such a way that only highly confidential information is protected. Gary Nutbeam, owner of computer consulting firm Across the Big Pond, recommends creating three levels: unclassified (information that anyone can see), classified (semi-sensitive information like an internal memo on benefits) and secret (data like customer contracts).

"It is impractical to fully protect everything," adds Nutbeam. "You can keep costs down by putting your effort toward protecting the most sensitive data."

Ask and Don't Tell

To further lower your liability, limit company access to customer information. It could be as simple as locking up confidential files or databases and giving one or two essential employees the key or their own unique user I.D. "If a user I.D. is shared, it's impossible to know who really accessed the data," says Nutbeam.

� Previous Page

1 2 3

Next Page �

Featured Photo Galleries

Go to Slideshow Archive

WMT INTC GOOG NOK DELL JPM TGT LOW MSFT CSCO BCS PFE COP WFC BA MS RIMM IMCL NCC MCD AIG FNM CVX F GE FRE C FCX XOM JNJ T YHOO IBM BP AAPL KO MER HD AXP LEH BAC BMY HPQ WM ORCL WB GS USB GM PG

Your Recent Quotes: Quote Up

0 |

Dow	S&P 500	NASDAQ	Oil*
			Gold
			10 Yr 0.00%
%	%	%	Data delayed 20 min

Access Action Alerts Plus to find out Cramer�s latest picks now!