When I first co-founded a business many years ago, we did not spend much time thinking about security. We were too busy trying to get everything else done. This changed when we raised money from venture capitalists who insisted that our security be increased to protect their investment.
In general, a few tips for reducing threats:
Like most preventative measures, it is less expensive than dealing with the consequences, but it does take time.
If your server room is locked, but the person in charge of the backups keeps the key in his desk in his cubicle - your server is not secure! If your HR person has access to all the digital employee files, but keeps his or her password taped to the side of the computer, that data is not secure.
This will cause much grousing, but it's your business and their jobs, so they will have to live with it.
You should back up your data daily. Every week you should have a week end backup that is taken off site and stored. Annually backup your data and keep it in a safe deposit box or with your attorney.
If you outsource your IT, the company providing these services should be able to provide this for you.
This is why Home Depot sells those wireless door bells. They are cheap. I am always amazed when I can walk into a business with no receptionist and wander the halls freely.
This is both security for your business and for your employees.
This person is in charge of understanding possible threats and determining the best prevention. He or she should also receive training in what to do in case of an intrusion, digital or otherwise.
Another area of security is internal fraud, specifically employees stealing from you. As the security officer of one previous company, I was required to take a class on internal fraud. The characteristics of the offender tended to be (1) male, (2) in his 20s, (3) college educated, and (4) had never committed a crime before. Not to say that a 50 year old female, high school drop-out criminal will not commit the crime, but statistically those were the characteristics that came up most often.
Usually what happens is the perpetrator is in a bind, can't make a car payment, rent, doctor's bill, and he starts with just "borrowing" money or items to pawn from the company. He has full intentions of "paying it back." But the reason he got stuck in the first place still exists, so he have to steal more to cover up the first crime, and on and on it goes.
To prevent this type of fraud, have strong accounting policies and procedures. Have revenue checks come to a PO Box. Have a different person sign the checks than the one who creates them. Allow only one person to do the ordering for the company and keep an inventory of what each employee has. For instance, memory sticks disappear really easily. Yes, an occasional one gets lost, but some one who loses them constantly may have a problem.
Ask your accountant for assistance is creating these policies and procedures and have your books audited or reviewed at least annually.
Although it is possible to go overboard on security, I know very few companies that actually do and most don't even come close to basic security. Make sure your company is not one that gets caught saying "but she seemed so trustworthy, I can't believe that she stole from us."
In 2002 I decided I wanted to have a pool built at my home so I could escape the Florida heat during the summer. I was also having a child and I wanted to make sure I could teach my daughter to swim at an early age. I found a pool builder and I contacted a mortgage company to obtain a home equity line of credit. I used a local lender who was a friend of the family and I gave him my information over the phone and we scheduled a date for him to come to my home to complete the paper work.
A week later the lender came my house and we sat down at my kitchen table to go over the paper work for the line of credit. The first thing out of the lender’s mouth was “what’s going on with your credit report?” I told him that my credit report should be fine and he said “look at this” as he unfolded my long credit report. It’s a good thing that I was sitting down because if not I would have fallen down.
My credit report showed nearly 2 dozen insufficient funds (bad check) entries. I was stunned because I use a check card and rarely write checks. I was also embarrassed because the lender who was a friend of the family obviously thought I was responsible for the horrible credit report. Being a seasoned Police Officer, I examined the credit report and I noticed something suspicious. All of the bad checks were written in December of 2000. The 1st bad check was written at a ladies clothing store in the city where I live and the rest were written in stores across the state of Florida and Mississppi. It appeared that someone was writing bad checks as they traveled from the city where I live to Mississippi.
My credit report listed many collection agencies that were trying to collect money from me. What was strange was that I had never been contacted by any of these collection agencies. Why had these collection agencies not called me or written me letters demanding money? I called all of the collection agencies and I learned that the the person who opened the bank account in my name had changed my last name by changing 1 letter and they used a home address of a home in Mississippi. The suspect(s) used my correct date of birth and social security number.
I called the bank where the account was opened with my information and because 2 years had passed, there were no hard copies of the checks. All of the checks were now on microfilm which meant we could not get any finger-prints. I was hoping we could get a hard copy of a check because we could possible get a finger-print of the suspect. I called all of the collection agencies and I quickly learned that being a victim of identity theft is a nightmare. I had to fax or mail copies of the Police report to all of the collection agencies and I made hundreds of phone calls. Many of the people at the collection agencies were rude and did not want to deal with me because they are only interested in collecting money. It took 2 years of hard work to finally get my credit report cleared up. A Fraud Detective where I work began investigating the identity theft but nothing was ever uncovered because all of this happened 2 years prior.
Approximately 6 months after I discovered the identity theft there was a break in the case. I came home one day in the early afternoon and one of my neighbors said she wanted to speak with me. What my neighbor told me was almost unbelievable. She told me that the previous day she had come home for lunch and she was sitting in her parked car in her driveway. She watched as another neighbor on our street drove up to my house and he parked in front of my mailbox. We have mailboxes on the curb in front of our homes where I live. This neighbor reached out of his car window and opened my mailbox and he began going through my mail. The neighbor telling me the story said she could not tell if any mail was stolen. She watched as he closed me mailbox and drove to his home.
I live on a quiet cul-de-sac where everyone is very friendly and it’s common knowledge that I am a Police Officer. There is also another Police Officer who lives on the same cul-de-sac. My neighborhood is called “Copville” because so many Police Officers reside there.
The thing that floored me the most was the neighbor who was seen going through my mail was what I considered a friend. This man was married with 2 kids who frequently played at my house. I had even allowed this man to play on my Police Dept softball team where he was the only person on the team who was not a Police Officer. This man was a handy-man and he had been inside my house installing toilets and other odd-jobs. I had loaned and given this man so many things over the years because he and his family were often struggling financially. I was so mad that I feared I might grab this man by the neck when I saw him.
I thought about confronting him but I decided on another route. I called the United States Post Office and asked to speak with the Postal Inspector’s office. My neighbor had witnesses this man going through my mail so I felt the best route was to report this to the Postal Inspector. I was told that the United States Post Office would send me a packet to fill out to report the mail theft. A week later I received the packet in the mail and I completed all of the forms. I sent the packet to the United States Postal Inspector’s Office and nothing was ever done.
I did a background check on my neighbor and I found that he had been in prison for dealing in stolen property. He had several arrests which included drug charges. I then ran a check on my neighbor’s wife and found that she had been arrested previously for writing bad checks. I could not believe that these people living on my cul-de-sac were criminals. It was then that I understood that we don’t know our friends and neighbors as well as we think. This man and his family moved out of state 1 year later and I have not see or heard from them since. I have a feeling they moved because they may have felt that I suspected them of the identity theft. I never confronted them but I did let them know that I had been the victim of identity theft.
I now check my credit report 3 times a year and you should do the same. I use Equifax to check my credit report and it’s rather inexpensive. Investigate your report and take action if you see anything suspicious. I hope to never go through that nightmare again and I hope you don’t either. I use a shredder to shred my important papers and I also use a post office box for my mail.