The issue
Your assets give your business its value. They can range from tangible objects like buildings, stock and money, to more intangible things such as customer data and even your written ideas. But what these things all have in common is that they are worth something to your business – and they are worth a great deal to fraudsters as well.
As a responsible business owner, you’ll want to protect your assets to make sure that your finances and reputation are not affected. But this responsibility is also a legal obligation in certain areas, as unless you take steps to protect your assets you could be liable for a big penalty – for example, failure to adequately protect your customer data or other personal information could result in a £500,000 fine under the Data Protection Act 1998.
The threats
There are many ways that your assets can be targeted and misused. They can be directly attacked and stolen, embezzled from within your business, or taken virtually using computers and the internet. They can also be used to enable further crimes – for example, the theft of sensitive corporate documents could allow a fraudster to misuse your business’ identity and take out a loan in your name.
Here are some of the more specific ways your assets can be targeted:
Self protect
Every business will have different assets and different ways to protect them, but you can get things right in your business by beginning to think along the following lines.
Identifying and monitoring assets
To protect your assets, you first have to know what they are. Make a list of all your key assets, both tangible and intangible, and then start to think about how secure they are (to both internal and external threats). Remember that sometimes the value of an asset may not be immediately apparent. Data is a good example of this, as a loss could be used to facilitate a fraud against your company or a third party. Once you have identified and thought about ways to secure your assets, you should put in place processes to regularly monitor their status and check all is as it should be.
Securing your assets
Restricting access to your assets is common business sense. You wouldn’t leave stock or valuable equipment somewhere that anybody could take it, so you also need to think about how you can stop unauthorised people accessing some of your more intangible assets, such as your data.
This can include physical controls to restrict access, but also more technical measures to ensure your IT data is protected. Get Safe Online provide detailed advice on what you can do to protect yourself, in terms of both your physical and data security. The Information Commissioner’s Office has also developed a practical guide specifically for small businesses on how to protect personal data.
Protecting your identity
Your brand and reputation will always be one of your most valuable assets. Unfortunately, fraudsters may try to profit from your identity too, stealing it to make money from identity theft and related fraud. If you don’t take steps to protect your identity, you could suffer a direct loss through fraudsters gaining access to your business’ bank account, or other serious problems such as a tarnished reputation, manipulated public records and an adverse credit rating.
One of the ways fraudsters may target you is to change your details filed at Companies House, so in response they offer a Protected Online Filing (PROOF) service to help you self-protect. The Fraud Advisory Panel has also produced a factsheet giving more information on the risks of identity fraud for your business and how to prevent it.
Protect your intellectual property
Intellectual property can be anything from written documents all the way through to physical products you have developed. Your intellectual property is something your business has created that is unique, and because it is unique it can give your business a competitive advantage. But this will also be of great interest to the fraudster, who may attempt to steal it or deceive you into handing it over.
Fortunately, you can take steps to protect your intellectual property even in the event it does fall into the wrong hands – get started here.
Protecting your data
Every business that accepts payment cards and online and offline payments need to be compliant with PCI Data Security Standard (PCI DSS). Keeping your customer’s payment card data secure is very important. If you are not compliant you could be responsible for any consequential losses through fraud, and may also face considerable fines. The number of transactions processed by your business will determine the specific compliance requirements that must be met. More information can be found here.