A Growing Threat to Small Business Owners

If you are a small business owner, ID theft is something you need to be concerned about. As a business owner, you are responsible for safeguarding personally identifiable information (PII) in your possession. This means you have a strict responsibility not to divulge your employees’ or customers’ identification, medical histories, coverage details, birth dates, Social Security numbers or credit card numbers.

But your potential liability isn’t limited to the unauthorized release of PII you actually own. If you have an employee whose purse gets stolen in the employee lounge – and someone steals her identity and uses it, you could potentially be held liable.

Lastly, your employees could be in on the con – using their access to your employee and client records to steal credit card numbers, account numbers and the like.

So as a business owner, how can you protect yourself and your honest employees?

* Appoint a privacy officer in your company and invest in training.


* Develop a company privacy and data security policy, and put it in the employee handbook. Have each sign an acknowledgement.


* Conduct background checks on new hires.


* Go into all your employees’ copies of Outlook and turn off Autocomplete.


* Consolidate all sensitive information onto a single server and password protect that server.


* Password protect all sensitive files. These are any files that include personally identifiable personal, medical or financial information.


* Change all the passwords. Then give the new password only to those employees with a need to know. Better yet, make sure they all have their own passwords whenever possible. That way, the user log can be audited if there ever is a breach in security.


* Increase your company’s liability insurance and errors and omissions insurance coverage.


* Invest in a good shredder and ensure your employees use it. Identity thieves commonly go through trash to find sensitive information.


* Don’t tolerate employees leaving valuables unsecured.


* Create a culture that emphasizes the value of confidentiality.


* Implement strict controls on the use of your company’s credit and debit cards, as well as business checking accounts.


* Use E-Verify to verify employees’ Social Security numbers. According to the Center for Immigration Studies, 98% of perpetrators who steal Social Security numbers use their own names with stolen numbers. Using E-Verify can help you detect this problem.


* Change passwords and physical security passcodes any time someone leaves your employ, for any reason.


None of these steps are a guarantee against identity theft and other data security breaches. But by creating an atmosphere of vigilance, you can substantially reduce the chances that you, your clients and your employees will become victims.