When it comes to identity theft, entrepreneurs have to worry about safeguarding not just their own personal information, but also that of their employees, customers, clients and partners. The concept of identity theft has grown as awareness of the problem has risen. "The parameters of what is considered identity theft [have expanded] to include things like account takeover and stealing someone's information but not actually using it," says Judd Rousseau, COO and director of fraud operations for identity theft solutions company Identity Theft 911. That means business owners have to pay attention and safeguard everything from their employees' Social Security numbers to their customers' credit card information.
Harish Rao, 27, co-founder and CEO of online community-building firm EchoDitto, is well aware that his business needs to be vigilant when it comes to identity theft. His $2.5 million company discourages people from sending personal information like Social Security numbers and health forms via e-mail and has set up a secure online portal for employees. Sensitive paperwork is kept in a locked office. When discarding files, Rousseau says, "Shred anything that's sensitive." That's advice Rao and EchoDitto already follow.
Washington, DC-based EchoDitto works with clients that accept payments and donations through their websites to make sure they have the proper security in place. "It is nice to be able to take payments and orders online, but along with that comes a responsibility to ensure that you are using proper encryption and security protocol to safeguard that information," says Rousseau. He suggests having a policy that addresses what information you absolutely need to collect, how you will store such information and for how long.
"It's not so much about physical property anymore," says Rao. "It's about information. If you lose your identity, it could take you years to recover it." Entrepreneurs can protect themselves and their businesses by establishing policies that account for both physical and digital security. Lost or stolen laptops, for instance, are a major source of security breaches. Password and encryption protection on all company laptops can be a big step toward minimizing the risk. Check your business rating and your own personal credit reports on a regular basis to spot any signs of identity theft. Rao has set up blocks on his personal credit reports to prevent marketing companies and fraudsters from accessing his information. You can do the same by contacting the big three credit reporting companies: Experian, Equifax and TransUnion. Credit report monitoring and identity theft insurance services are two options to look into as well.
Keep abreast of laws in your area that govern how businesses handle information and dictate notification requirements if a security breach does occur. Your ultimate aim as a business owner should be to take the proper precautions ahead of time. Says Rousseau, "It's far easier and far less expensive to try to prepare and plan than to have to react and respond."