Guest Editorial

New crisis faces small business


Do you know the quickest way to lose both your personal and business assets at the same time? A fire? A hurricane? No, it is information theft, the corporate equivalent of personal identity theft! When this disaster strikes, home and business owners, and especially small-business owners, can suffer huge losses in financial assets, reputation, banking relationships, vendor relationships and customer relationships.

This simple and usually undetected dishonest act can destroy a business! Business owners spend money on virus prevention and data back-up, but what about information theft, which includes computer data as well as paper-based information, acquired from inside the organization?

Information theft can be the theft of the business owner's identity or it can be the theft of information from the small business itself and/or about its customers. Did you also know that in half of the instances where the perpetrator is known, ID and/or information theft is committed by someone close to the victim

In recent weeks, the press has been reporting numerous examples of stolen, misappropriated and lost credit card information on millions of people in America. It is outrageous for some of the largest financial services companies to have such a reckless disregard for critical information entrusted to them by consumers. But these mistakes, accidents and acts of dishonesty can affect even the smallest of businesses with substantial impact on consumers. Seventeen percent of personal ID theft occurs by someone at the workplace of the victim.

What will you tell your banker when your personal credit rating goes down because your identity was stolen and your personal guarantee is on the company's borrowing? What will you tell your customers who buy from you with credit cards when your IT system is breached or your paper records are stolen or copied and their identity has been stolen? What will you tell your vendors when you can not pay for the goods or services purchased by you on behalf of "customers" who may have made their purchases with stolen credit cards and now you get charge-backs from the credit card companies of the real credit card owners?

You bought fire and liability insurance to protect the company's assets from casualty losses. What type of insurance did you buy for this type of problem? Is there any? Can you afford it? Hacker insurance and Internet liability coverages are like a spare tire with no air in it. You need it now, not later!

However, this is not an insurance problem. It is a risk management issue. It is preparedness for a disaster or crisis issue. How will you continue your business and recover from the losses you suffer, economic damage, damage to your reputation and replacement of lost opportunities? What if a competitor accesses your database and has access to your customer list, accounts receivable or payables list or other proprietary information?

You need to identify the problem now, quantify the risk potential, and establish a preparedness plan to deal with it immediately upon discovery. Small business owners are not used to being on guard and watchful of potential disasters until an event occurs that motivates a call to action. It has been estimated that approximately 40 percent of businesses that suffer a disaster or crisis never recover. Many never survive a year after the crisis.

There are many ways to protect your most important business asset, your information (data), but here are just a few simple tips to get started on a preparedness and prevention program:

Review your business operations and identify your information theft exposures, evaluate hiring procedures and develop an awareness culture. Encrypt data on laptops, desktops, networks and remote access devices. Use and update security software. Save data daily to networks, especially off premises using 3rd party vendors. Conduct background checks on new hires. Terminate access to data systems when employees leave employment. Restrict access to sensitive data. Don't discard hardware until all data has been removed. Restrict and protect access codes and passwords. Train employees about privacy, security, and to recognize unusual activity and transactions. Use shredders liberally and frequently for unneeded paper documents. Get prepared for a breach of security; have a plan and a team to implement it

Remember, prevent a fraudster from accessing information, changing an address or perhaps using your company's credit information to set up accounts and make transactions that you don't know about until the bills start coming in or the phone calls from creditors alert you to the fraud. Products and services may be purchased, delivered to a phony address and perhaps the merchandise then returned for cash credits.

The key to minimizing identity and information theft is vigilance, good business practices, and preparedness.

Norris L. Beren is the Executive Director of the Emergency Preparedness Educational Institute and the author of "When Disaster Strikes Home!"

. Bob Story,can be contacted at

(509) 837-4500, or e-mail him at


Comments are subject to moderator review and may not appear immediately on the site.

Please read our commenting policy before posting.

Any comment violating the site's commenting guidelines will be removed and the user could be banned from the site.

Use the comment form below to begin a discussion about this content.

Sign in to comment