I’m quoted in an article on TheStreet.com about identity theft and the risks to small businesses. The bottom line? Most small businesses don’t take the threat of a data compromise seriously enough. They forget that their reputation is on the line, and they could lose customers with a data breach. And it’s much more expensive to find new customers than it is to keep existing ones.
Adds Tracy Coenen, a forensic accountant and certified fraud examiner for Sequence Inc., “I get scared for small businesses because they are not thinking about this issue. I think they are more vulnerable because they’re not taking any basic steps.” Too often, businesses hire her to deal with fraud, not to prevent it.
So while all the attention has been paid to consumer identity theft, small businesses have become more attractive to identity thieves because the rewards are greater.
My friend Gary was also quoted, as he had some really great tips on protecting data:
If you must collect sensitive personal information, organize customer data in such a way that only highly confidential information is protected. Gary Nutbeam, owner of computer consulting firm Across the Big Pond, recommends creating three levels: unclassified (information that anyone can see), classified (semi-sensitive information like an internal memo on benefits) and secret (data like customer contracts).
“It is impractical to fully protect everything,” adds Nutbeam. “You can keep costs down by putting your effort toward protecting the most sensitive data.”
Ask and Don’t Tell
To further lower your liability, limit companyaccess to customer information. It could be as simple as locking up confidential files or databases and giving one or two essential employees the key or their own unique user I.D. “If a user I.D. is shared, it’s impossible to know who really accessed the data,” says Nutbeam.
The reporter was also kind enough to mention my new book, Essentials of Corporate Fraud.
Trackback from your site.