Borrowing again from the Identity Theft Resource Center, what follows is a valuable self-assessment of identity theft exposure. Take stock to see where you may be vulnerable and where you can improve. Inadequate security and poor business practices may open a company up to liability suits, fines and loss of clientele. While no one can totally prevent identity theft due to the human element of this crime, there are steps that a company can take to minimize the risk factors. Safe information handling practices are critical to keep identifying information out of the hands of thieves.
• Information acquisition — Is there a good reason for requesting the information that you gather? Is it really necessary? (A. Yes B. Don’t Know C. No)
• Information acquisition — Is the information acquired in a safe manner, so that it cannot be overhead or seen by others? (A. Yes B. Don’t Know C. No)
• Storage — Have computer security measures been placed around the systems storing personal data? Is there physical security for the data storage? Is the data considered highly classified and common access prevented? Do both physical security and network security prevent unauthorized access to the data? (A. Yes B. Don’t Know C. No)
• Access — Is personal identifying information available only to selected/qualified staff? Is database access audited and password controlled? (A. Yes B. Don’t Know C. No)
• Disposal —Do you know what goes into your dumpster? Are electronic and paper documents and databases containing personal information rendered unreadable prior to disposal? (A. Yes B. Don’t Know C. No)
• Distribution —Are personnel trained in the proper procedures regarding information disclosure? Do you prevent public display, use or exchange of personal information (especially Social Security numbers) in your workplace? Does this include employee or membership cards, timecards, work schedules, licenses or permits, and computer access codes? (A. Yes B. Don’t Know C. No)
• Personnel —Do you conduct regular background checks on ALL employees with access to identifying information? Does this include mailroom staff, cleaning crews, temp workers, and computer or hotline service techs. (A. Yes B. Don’t Know C. No)
If you have all “A’s” above, you are on the right track. If you have multiple “B’s” or “C’s”, you are probably vulnerable, and should take steps to understand how easy identity theft or data breaches might be, and how much it could cost your firm. Businesses that become victimized by thieves and opportunists can find themselves facing large liability civil suits as well loss of reputation.
For more resource on minimizing risk for identity theft please visit www.hvshred.com