Lorraine Rice
Certified Identity Theft Risk Management Specialist
BOSS Technologies

Do you have a clean desk policy?

Are your customer files under lock and key?

How secure is your bookkeeper’s computer?

These are just some of the questions a small business owner should be addressing.

“If you experience a security breach, 20 percent of your affected customer base will no longer do business with you; 40 percent will consider ending the relationship and five percent will be hiring lawyers,” says Michael Freidenberg in an article published in CIO Magazine.

“When it comes to cleaning up this mess, companies on average spend 1,600 hours per incident at a cost of $40,000 to $92,000 per victim,” he says.

Small business owners cannot afford to have this happen. So what can you do to assist in mitigating your damages?

The first step is to conduct a Risk Assessment of your business.

As a Certified Identity Theft Risk Management Specialist, I can conduct a Risk Assessment on your business, producing a free report that applauds what you are doing correctly in your business and itemizes areas that need attention.

The interactive online assessment is conducted at your business or in my office.

Recently I was asked to visit a small business to conduct the risk assessment and I was able to highlight areas of attention even before starting the assessment like the clean desk policy, securing employees personal possessions during work hours and not leaving customer information on the screen unattended.

As trusting Canadians, we assume that people we hire, either as employees or subcontractors, have our best interests at heart. In most cases, this is true however because we are so trusting of each other, security, data breach and identity theft are not first and foremost in our minds.

We presume identity theft is strictly financial. Therefore we automatically think bank account numbers and credit card numbers.

The typical small business owner says, “But I don’t collect those.”

My question to you is, “How do you get paid?”

The answer is usually by cheque and as small business owners we typically take two copies of that cheque – one for our accounting process and one for the customer’s file.

And depending on the nature of your business, you may be collecting other data that is known as nonpublic information, that if breached will have an impact on that person’s life or company’s existence. You may also be inadvertently breaking the Privacy Information Act.

It only takes one breach of security to provoke the statistics cited in CIO Magazine, or one incident to break the law.

The damage to the reputation of a business from a security breach could drive the business under, so compliance is as much a matter of survival as it is a matter of law.

Part of the issue is the misnomer amongst the general public-at-large that identity theft is just financial.

There are five areas of Identity Theft. They are, Medical Identity Theft, Driver's License Identity Theft, Social Insurance Number Identity Theft, Character/Criminal Identity Theft and Financial Identity Theft.

Each area of theft poses serious ramifications that if breached and used by someone inappropriately could result in your customer, supplier, subcontractor and/or vendor being wrongfully accused and/or falsely being arrested because of a criminal activity committed in their name(s), to being investigated by Revenue Canada and the list goes on.

Being aware of what practices you’ve implemented or not implemented in your business is the first step toward preventing this from happening in your business.

Instituting best-known practices in your business and enforcing them will assist with mitigating your damages should a data breach occur.

Take the first step and book your Risk Assessment. Take the time to gain the knowledge about what you’re doing right in your business and take a proactive step toward fixing what could conceivably cost you your livelihood – your business – your reputation.

* This article is intended for general information purposes only and is not to be construed as legal opinion or advice. Please consult your lawyer or Mills & Mills if you have a Pre-Paid Legal plan.

Lorraine Rice is a Certified Identity Theft Risk Management Specialist, obtained from The Institute of Fraud Risk Management and recognized by CFP (Certified Financial Planner Board of Standards) CLU (Chartered Life Underwriters), ChFC (Chartered Financial Consultants) and RFC (The International Association of Registered Financial Consultants). She is also a Small Business and Group Specialist and the sole-proprietor of BOSS Technologies for the past six years. She can be contacted at (705) 726-4211 or lrice@bosstechnologies.ca.