Did you know that the trash your cleaning company removes from your facility every day is a target for identity thieves? Communal trash cans often hold receipts, notes, and other paperwork that can expose critical information to criminals. Modern thieves are skilled at piecing together seemingly harmless information into data attacks.
Between 2013 and 2015, the percentage of small businesses that dealt with identity and fraud attacks increased from 18 to 31 percent. Business identity theft cost the U.S. economy $15.3 billion in 2016, up from $13 billion the year before.
Research shows that while business owners are becoming more aware of cybercrime in general, they’re not addressing critical flaws right within their own buildings. Fully 71% of small business owners are not actively taking steps to address security risks.
Let’s take a closer look at how you can protect your business against this kind of crime. It starts with identifying your riskiest zones.
Try to guess which part of your business is the most vulnerable to identity theft and cyber attacks. It’s not computers or credit card machines: It’s your employees. Employees are the #1 cause of company security breaches.
Most of these breaches are unintentional. As your workers go through their normal routines, they probably don’t think about all of the ways they expose your company to risk.
The Identity Theft Resource Center, a nonprofit dedicated to educating people about protecting sensitive information, examines how thieves steal data. Often, thieves trick employees in a process called social engineering: gathering clues and manipulating people.
For example, an identity thief might call your employee, posing as a new vendor who wants to earn your business. They request an email address and the name of your current vendor.
Later, the thief could send a spoofed (fake) email from that address to your actual vendor, requesting a password reminder. Using the password and email address, they can log into your vendor account, re-route deliveries, and steal your merchandise.
As another scenario, imagine that one of your accounting employees jots down a password to your billing system on a sticky note. After taking a few moments to memorize the password, she crumples up the note and tosses it into the trash can.
When your cleaning company takes out the trash, the sticky note is placed in a large bag full of other company trash. There are scraps of information like employee names and the logo of your billing system. Suddenly an identity thief has everything they need to log into your billing system and wreak havoc: website, employee name, password.
Employees also accidentally reveal information on social media sites like Facebook and LinkedIn, which are a treasure trove for thieves. Social media users innocently reveal words they might use as passwords, like children’s names, pet’s names, and favorite bands.
Sometimes thieves send fake friend requests, either posing as someone you actually know or appearing as someone you might want to know, like a customer interested in your business. But they’re actually gathering pieces of data to use against you.
Your workplace also has a variety of potential vulnerabilities in its processes, systems, and equipment. The U.S. Small Business Administration warns businesses of these common cybercrime risks:
Day-to-day document sharing is another source of information theft. In the normal course of business, employees share memos, spreadsheets, legal notices, and other sensitive documents.
Protect documents by using a secure electronic document storage and transmission system. Restrict access to certain high-security documents, and assign an approval tree of people who can allow access as needed.
Electronic systems usually have some sort of archive and tracking feature that allows you to review who’s accessing your documents. Assign someone to review this periodically for unauthorized users, like former employees.
All thieves love getting their hands on cash. Yet cash continues to be one of the most loosely-monitored aspects of many small businesses. This is true of both actual currency and electronic cash flows. When a few dollars go missing here and there, it’s usually not viewed as a major problem.
Hackers sometimes use small transactions to test whether anyone is paying attention. If they find a way to deduct a small amount of money from your systems each week, and you don’t crack down on it, the thief has an easy flow of stolen money.
In fact, enterprising thieves resell credit card numbers and small-transaction revenue streams to the highest bidder. It’s like black market eBay, where the winning bidder gets your company’s sensitive information.
The Association of Certified Fraud Examiners recommends the following steps for locking down cash flows:
Most security experts say that if a hacker is absolutely determined to get sensitive information from your company, they have a good chance of doing it. But that doesn’t mean you can’t affect the odds.
Prevent fraud and identity theft by hiring good people, establishing security rules, and making sure that when your cleaning company takes out the trash, they aren’t taking your company secrets with it!
Don't wait, call or contact us for help today!
An independent business licensed to serve you by ServiceMaster Clean
Copyright 2023 | ServiceMaster Commercial Cleaning