Take steps to create a more secure workplace
It used to be that the biggest threat to your personal identity was a random purse or wallet snatching as you walked innocently down the street. Today, an estimated 70 percent of identity crimes in the United States start with the theft of personal data by an employee, according to a study by Michigan State University. The average amount charged to stolen identities and credit cards is $92,873. Victims can spend an average of 600 hours cleaning their credit history and restoring their identity as a result. How can you protect your employees, and more importantly, your customers from potential identity fraud? As a business owner, there are several preventative steps you can take to implement a secure and confidential workplace. • If you don’t already use a shredder or shredding service in your office, get one. They could potentially save your company hundreds of thousands in legal fees should an identity theft occur in your workplace. • Limit access of human resources files and employee information to only a few individuals, and perform a background/security check on those key employees before granting them access. • Add physical barriers, such as locked doors and file cabinets and on the Internet through passwords. When properly disposing of sensitive information, implement the use of shredders for all unneeded documents and trash that might have information or identities on it, especially unopened solicitations. • Warn employees about potential “phishers,” a scenario in which employees seem to receive a “valid” e-mail request from a company or individual requesting passwords or other personal data. Phishing also can push the recipient to a Web URL that utilizes a larger corporation’s logos and branding to create the illusion that they’re actually who they pretend to be. Only the discerning eye can tell the difference between the fraud and the real deal. Remember that no legitimate institution will request a password or confidential information via e-mail. A few other tips on phish-busting: Never type account information into a pop-up window; don’t respond to e-mails asking you to verify information; be suspicious of grammatical or spelling errors — usually indicators of a fraudulent message. • Be cautious on the phone. Advise employees to be discrete when requesting personal data from clients or customers and to turn computer/register screens toward the operator to ensure privacy. • Implement a company-wide security policy, including processes for handling a terminated employee. Take steps to remove terminated employees immediately and shut off their access to any computer and security passwords. By taking corrective action now, you could potentially save yourself and your business headaches and thousands of dollars later. Steve Feinberg is a certified public accountant and the owner of a Fiducial franchise in Londonderry, specializing in accounting, payroll and tax planning for small to mid-size businesses. He can be reached at email@example.com or by calling 434-5981.