How safe is your business?

Identity theft is very real and enormously popular amongst increasingly sophisticated criminal circles. Luckily there are decisively easy ways of keeping them at bay, says Simon Tempest

 

A recent British television drama had a group of professional fraudsters stealing the identity of an aristocrat and then staging the sale of his country mansion to a self-made business woman. Far fetched? Perhaps not. I came across an article on the web recently describing the top 14 financial fraud scams in history. It seems identity theft is as old as the hills and the bogus sale of someone else’s property is not new. My favourite is the Frenchman who created for himself the authority to sell the Eiffel Tower and then sold it for scrap; not once, but twice.

“Interesting”, I hear you say, “but it could never happen to me”. Recently published    statistics in the US indicate that 3.7 percent of American adults have been victims of identity theft crime (Federal Trade Commission); extrapolating to Europe would indicate that 14.8 million adults have fallen victim to fraudsters. Research by the British Federation of Small Businesses claims that five percent of businesses have experienced corporate ID fraud; across the EU that’s one million businesses in the SME sector alone.

Corporate ID fraud is big and can be expensive, both in direct costs and time taken to resolve the consequences. There are many ways it can happen and businesses need to be aware and put in place processes to guard and protect their sensitive data, and that of their staff, customers and partners. Corporate identity fraud can happen through fraudsters changing companies’ details, the hijacking of web domains, fraudulent bank mandates and discarded papers in the rubbish. The impact can be considerable, damaging a company’s reputation, credit rating and profitability.

Identity theft is on the radar of the world’s legislators; US legislation obliges anyone employing one person or more to look after sensitive information. Failure could incur fines and leave the individual or company open to being sued or class actions. In Europe, the relevant EU Directive dates back to 1995 and mandates a framework of protection for personal information. Individual governments have enacted laws in response. In the UK, failure to treat sensitive data correctly can result in a fine up to £500,000 and if operating in sensitive sectors (e.g. Financial Services) there are more stringent penalties. HSBC was fined over £3m in 2009 “for not having adequate systems and controls in place to protect their customers’ confidential details from being   lost or stolen” (FSA).

Fortunately there are some simple steps that will reduce the risk of falling victim to corporate identity fraud. The starting point is awareness and not just at a senior management level, but throughout the organisation. Thereafter reviewing your specific data circumstances and putting in place a policy and action plan will greatly enhance your security. The following is a guideline:

1. Always verify the identity of customers, suppliers, business partners and employees;
2. Review online security arrangements; a firewall and wireless encryption are simple steps. More complex businesses dealing in e-commerce will need to consider secure payment systems and compliance with local legislation around the handling and storage of customer details;
3. Review all your information, not just paper-based. Think about all the data held by various departments whether in files, on PCs, etc. Classify the data, e.g. general, sensitive and confidential;
4. Define how each classification should be stored, accessed and destroyed.
Never allow company information (even seemingly innocuous things like company letterheads) to be thrown in the bin.

For more information contact: Simon Tempest, Senior Vice President, EMEA Marketing, ACCO Brands. email simon.tempest@acco.com
or visit www.rexeleurope.com/shredders

Related: