And according to Tim Zeilman of the The Hartford Steam Boiler Inspection and Insurance Company identity thieves are on the lookout.
Zeilman thinks small business leaders need to keep some things in mind.
ID theft is a big risk: Identity theft has topped the list of complaints to the Federal Trade Commission over the last decade, and that trend continued last year. There were more than 490,000 complaints of identity theft in 2015, and more than 220,000 tax and wage identity theft complaints.
Some thieves target income tax refunds: Identity thieves can use Social Security numbers and other personal information to collect other people’s tax refunds or apply for loans or jobs. The IRS routinely lists identity theft-driven tax fraud among its annual "Dirty Dozen" list of income tax scams.
The company is responsible for personal information: Almost every business keeps personal data on employees, customers, vendors and others and is responsible for the security of that information. It can be costly to respond to a data breach and there is also the potential of lost sales and damage to a company’s reputation.
Here are 12 tips small business owners can use to stay vigilant and protect themselves from hackers and cyber thieves who target vulnerable information.
- Secure your computers. Computer security software is a simple, effective way to deter cyber theft. Make sure all business computers are using appropriate, up-to-date software – including Internet browsers.
- Control computer use.Restrict employee usage of computers to business use. Do not permit employees to use file sharing peer-to-peer websites or software applications, block access to inappropriate websites and prohibit use of unapproved software on company computers.
- Bank with separate devices. Use a dedicated device for online banking and use a different device for email and social media. Visiting just one infected social site could compromise your financial accounts.
- Avoid recycling passwords. Don’t reuse them and don’t trust any website to store them securely.
- Train your employees. Establish written policies about data security and educate your employees about their responsibilities in protecting sensitive data.
- Always encrypt data.Mandate encryption for all data, and consider encrypting email that contains personal information. Avoid Wi-Fi networks, too, since they may permit interception of data.
- Update internal procedures. Don’t use Social Security numbers as employee ID numbers or client account numbers; develop another ID system. Make sure that your procedures comply with any applicable state or Federal laws as well as industry standards.
- Manage portable media. Smartphones, flash drives and other portable media are more susceptible to loss or theft. Minimize their use and allow only encrypted data to be stored on them.
- Destroy unnecessary information. Shred old tax forms and other paper files with information you no longer need. Destroy disks and other portable media before disposing of them. Use software designed to permanently wipe hard drives, or physically destroy them. Remember that many photocopy machines scan documents before copying, so set the copier to clear data after each use.\Minimize data collection. Reduce the volume of information that you collect and retain only what is necessary. Don’t collect or keep information you don’t absolutely need, and minimize the number of places you store personal private data.
- Safeguard necessary records.Lock physical records containing private information in a secure location, and restrict access to those employees who truly need it. Conduct employee background checks and never give temporary workers or vendors access to personal information on employees or customers.
Tim Zeilman is vice president for specialty products with The Hartford Steam Boiler Inspection and Insurance Company (HSB).