A Harvard University honors graduate and head of a thriving startup, 10 years ago businessman John Sileo was by all rights a smashing success. But then his entire life changed with a knock. At the door: An investigator for the Denver district attorney’s office, alleging that Sileo had stolen $300,000 from his clients.
Like hundreds of fellow businesses and government agencies each year, Sileo had been the victim of identity theft. But in this case, for the second time – and courtesy of his former business partner. More frightening still, as the Privacy Means Profit author and professional speaker warns, if it can happen to him, it can happen to anyone—especially you and your business.
“Even the most seemingly innocent data such as names, addresses and employment histories are at risk,” Sileo cautions. “While the media likes to talk about high-tech methods of data theft, the reality is that most crimes occur the same way they did 10 years ago–through human error. Every office is filled with potential hazards, from unshredded reports to computers left logged into private networks and sensitive documents that somehow end up in the trash.”
Having been victimized through both his own negligence (forgetting to destroy personal mortgage documents) and naiveté (allowing an untrustworthy associate to manage his firm’s accounting), Sileo can’t stress the importance of caution enough. Because even when justice is served, as in the case of his onetime partner, who went to jail for just 18 days and has since returned to private commerce, it’s often scant compensation for the loss of your reputation or customers’ trust.
Piles of sensitive data can provide a potential windfall to crooks, with prime targets including bank account numbers and credit card info. But other less obvious yet just as juicy plums include customer data and employee records. Valuable intellectual capital, ranging from your family restaurant’s secret recipe to your firm’s client list, acts like a beacon to criminal elements as well.
Unfortunately, points of vulnerability are vast and manifold. Everything from unshredded financial statements to out-of-date computer virus scanning programs or stolen laptops left unprotected by encryption software can present a possible problem area. Nor is even your own desk safe anymore, as documents left on it overnight may fall victim to an unscrupulous member of the cleaning staff.
All it takes is a few scant crumbs of information to attract predators. Because once a scent’s obtained, they can quickly use this data to sniff out other, more sensitive details. Armed with just names, addresses and phone numbers, thieves can often con or compute their way into enough information to register credit cards, run up bills and otherwise wreak havoc in your company’s name.
Worse, such incidents can prove pricey setbacks. The average cost to an organization to recover from a data breach hovers at $6.75 million, with more than $54 billion in total damages racked up in 2009 alone, according to Javelin Strategy & Research. But that doesn’t count loss of productivity, customer goodwill or brand equity. Just ask Sileo, who spent more than 500 hours recovering his good name, suffered untold humiliation, had to rebuild his entire credit history and lost his family’s 40-year-old business personally cleaning up a similar mess.
Thankfully, “an ounce of prevention far outweighs a pound of cure,” he says, recommending several strategies to guard against data loss. Conducting simple employee background screening and reference checks makes a good starting point, he advises, including researching the credibility of supporting references themselves. All computer equipment that your business uses, including hard drives, laptops, USB keys and smartphones, should be encrypted and equipped with a password as well. But most vital, Sileo says, is creating a corporate culture that supports preventative measures. Not only should employees be offered basic training that clearly illustrates the risks of not taking regular precautionary steps, but company policy should also make it simple and convenient to take part in the process.
“Part of the problem’s due to ignorance, some of it stupidity, and you also have to throw in some apathy and lack of awareness,” Sileo sighs. “People assume that they can protect their systems.”
But with inside theft (i.e., a carefully bribed janitor), dodgy software protection (beware unsecured WiFi hotspots, which hackers can monitor) and clever cons (a healthy fear of unsolicited emails/calls helps) increasingly omnipresent dangers, consider: as the commercial sector moves more toward wireless solutions (“never use the same password for multiple purposes”) and cloud computing (“beware trading redundancy and scalability for control of your data”), you can never be too paranoid.
Not that guarding against identity theft needs to be an expensive or even time-consuming proposition. “Just think like a spy,” chuckles Sileo. “It never hurts to maintain a healthy sense of suspicion, or plan ahead.”