Protecting Your Business from Identity Theft and Fraud
As a business, you have an obligation to keep your customers' sensitive data safe and secure. Every employee should also be informed of their role in maintaining this confidentiality. A regular training program will help inform current and new employees of the proper handling of a customers personal information and online safety and security.
To assist you in learning more, and informing your employees of their responsibility in helping protect your business and your customers we suggest you use the video at the link below as a training tool. Then take a few minutes to read the remainder of the information below.
Start Protecting Your Business
Most companies keep sensitive personal information in files-names, Social Security numbers, credit card, or other account data-that identifies customers or employees.
If this sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or similar harms. Given the cost of a security breach - losing your customers' trust and perhaps even defending yourself against a lawsuit-safeguarding personal information is just good business.
According to the FTC's Guide for Businesses", a sound data security plan is based on 5 key principles:
- Take Stock. Know what personal information you have in your files or on your computers.
- Scale down. Keep only what you think you need for your business.
- Lock it. Protect the information you keep.
- Pitch it. Properly dispose of what you no longer need.
- Plan ahead. Create a plan to respond to security incidents.
To view the entire "Protecting Personal Information - Guide for Businesses" brochure, please go to http://business.ftc.gov/documents/bus69-protecting-personal-information-guide-business.
Protect Your Business When Banking Online
Online banking has made it easier and more convenient to manage business finances, but it also provides an opportunity for hackers to gain access to business accounts with the goal of making unauthorized money transfers.
According to Visa Inc., most data breaches occur at the small business level with many of small businesses lacking even simple antivirus protection.
Consider these tips adapted from Data Security-Made Simpler:
1. Initiate a "dual control" payment process with your bank and employees. Ensure that all payments are initiated from your bank accounts only after the authorization of two employees, one to authorize the creation of the payment file and a second responsible for authorizing the release of the file.
2. Have dedicated workstations. Restrict the use of certain workstations and laptops solely for online banking and payments, if possible.
3. Use robust authentication methods and vendors. Make sure your financial service providers allow for "multi-factor authentication" requiring more than just a user name and password to access your account.
4. Update virus protection and security software. Ensure that all anti-spyware, anti-malware, and security software and mechanisms are robust and up-to-date for all computer workstations and laptops used for online banking and payments.
5. Reconcile accounts daily.
Monitor and reconcile accounts daily against expected credits and withdrawals and notify your financial institution immediately of any unexpected activity.
In addition, if you notice anything suspicious or unusual with your account, or account balances, immediately contact the bank.
Additional Websites and Information on Identity Theft & Fraud
These websites contain more information on securing sensitive data and protecting yourself or your business from identity theft and fraud. If you have any questions, please contact the bank Security Officer.
Fraud Awareness & Prevention Checklist
-Fraud Advisory for Consumers: Involvement in Criminal Activity through Work from Home Scams focuses on the growing work-from-home scams that are causing more and more consumers to lose money and potentially face criminal charges. An example of a work-from-home scheme, tips on how consumers can protect themselves and industry links are included within this advisory.