Identity theft is the fastest growing crime in the world and it doesn’t happen to only private individuals, businesses can have their identity hijacked as well. One of the common tactics used by identity theft fraudsters is phishing.

Phishing occurs when a fraudster sends a fake email purporting to come from a legitimate business (banks, credit card companies, government departments, PayPal, and eBay are popular choices) that includes a request for personal identity details.  The explanation will sound very plausible, such as to verify your identity with the organisation. It usually includes a threat to prompt you to take action – “We will have no choice but to suspend your account” or similar. When you follow the link it takes you to a site that looks like the genuine one, but is in fact a copy created by the fraudster. As you put your details in it logs them and allows the fraudster to use them to access your account on the genuine site or use your details for fraudulent transactions elsewhere.

Business owners, or their employees, who fall for one of these scams and supply business related identity data (a business registration number or business credit card details, etc) have supplied the fraudster with valuable information. The phisher has, in effect, stolen their identity.


For a business, that can be very bad news. Fraudsters can use this information to open bogus accounts in the name of the business or even, in extreme cases, set up a clone of the company and run up debts in its name. Business identity theft often damages or destroys the victim’s credit rating and, in the process, the business itself. Not only does it face problems with creditors and vendors, it could also find itself unable to fill orders and conduct business normally, potentially losing customers along the way. If the business has allowed customer information to be stolen then they must be notified and that admission won’t make for good publicity or do anything for customer loyalty.

Some things you can do to prevent phishers landing you:

Don’t fall for a phishing email

Even if you think a request for information may be legitimate, don’t click the links in the email to visit a website in case it leads to a phishing site. Instead, type the website’s address by hand to ensure that you go to the organisation’s real site. If you do have an existing relationship with the supposed originator of the email then call the organisation to confirm that the email is legitimate before responding.

Create strong passwords

A strong password includes a combination of numbers, capitalised letters and symbols. It should NEVER include whole or partial pieces of identity data such as driver’s licence number, name or birth date. Having created strong passwords, get into the habit of changing them periodically.

Don’t use unsecured computers

The computers you find at Internet cafés, libraries, in hotel rooms and the like should automatically be assumed as unsafe for the transfer of identity data. Wi-Fi networks present even more opportunities for identity thieves. The easiest way to protect a Wi-Fi network at home is to not broadcast the Service Set Identifier. Sending identity data over a public Wi-Fi connection is simply a no-no.

 Guard your data

To be protected across the board a computer must have good anti-virus software, as well as anti-spyware and firewall protection. Keep them updated — scammers are constantly devising new attack methods and constant vigilance is necessary to stay safe.

Only transfer information over a secure server

Ensure that websites you transfer identity data to are utilising an encryption system. Look for the ‘lock’ icon on the status bar at the bottom of your browser window. In addition, check the beginning of the URL or web address — if it starts with ‘https://,’ rather than just ‘http://,’ you’re on a secure server. Data is then encrypted as it is being transmitted so that, even if it is intercepted, it can’t be read.

Think you’ve been hooked – here’s what to do

The best way to prevent identity theft is to stay active and aware. Review your bank accounts and credit card statements each month for any suspicious activity and immediately investigate anything that seems odd. If you believe you have been the victim of phishing then alert your local law enforcement officials, bank, and credit card agency immediately so they can investigate the incident. It’s important that the compromised accounts are watched or closed to prevent further fraudulent transactions using them.

Writing up an employee manual is usually way down the bottom of the to-do list for an SME owner — usually just above writing up their policies and procedures manual!

But in the long run you can save yourself a lot of time by getting your HR procedures down in print once, instead of having to explain them numberless times. There are other decisions, such as whether to offer severance pay or not, where you won’t want to be making off-the-cuff decisions each time someone terminates employment. That’s the wrong time to make serious decisions like this and can lead to inconsistent, and possibly illegal, treatment of people. Employment procedures should be developed before you have to follow them so you don’t have to make up policy in a situation of urgency. Finally, there are some employment issues about which the law absolutely requires you to provide information to your employees in writing, such as the rules on sexual harassment and equal opportunity.  All in all, time spent putting together a set of guidelines on core employment issues is time well spent to keep you in compliance with the law and protect you from the consequences of litigation by unhappy employees. Keep these tips in mind when developing your employment manual.

Don’t reinvent the wheel: there are plenty of employee handbook templates around that will provide an outline of what should be included. Some include written versions of policies that can be modified to suit your particular business and situation. If you decide to buy an off-the-shelf manual, check that the supplier guarantees it has been developed by HR professionals, complies with employment law and is up to date. If you have standard forms already for things like leave requests, then include a copy of each form with the relevant policy.

Letting your customers set your standards is a dangerous game, because the race to the bottom is pretty easy to win. Setting your own standards ~ and living up to them ~ is a better way to profit. Not to mention a better way to make your day worth all the effort you put into it.

~ Seth Godin

For those who haven’t experienced a disaster first hand it’s difficult to imagine, even from the graphic images fed to us by the media, the realities of the situation. What pictures cannot convey is the frustration of an owner watching their business suffer through the several days or weeks during which power is unavailable, transport facilities are out of operation, communications are down and access to the premises is prohibited. It’s exactly those restrictions that can spell the death of a business caught up in a disaster and unprepared to deal with the consequences.

Are you prepared? Ask yourself these questions, they cover some of the most critical aspects of keeping the business afloat after a disaster.

1.      Have you audited your premises to assess how well they would stand up to the type(s) of disaster most likely to occur in your region?

2.      Do your premises have emergency backup power and lighting sources?

3.      Could you quickly obtain temporary equipment and replacement stock to keep your business going?

4.      Do you have access to a secondary site from which to operate your business if your primary location was damaged?

5.      Do you have an alternative source of supply if it is your supplier who suffers a disaster?

6.      Are your vital records (accounts, customer data, inventory records etc) backed up with a current version stored in a safe place?

7.      Do you have current and multiple contact information (e.g., home and cell phone numbers, personal email addresses) to communicate with your employees if a disaster prevented them from coming in to work?

8.      Have you consulted with an insurance professional to determine if your insurance coverage is adequate to help you get back in business following a disaster?

With disasters, both natural and man made, now very much in the spotlight, numerous government agencies and business organisations have developed information brochures and programmes advising SMEs on how to mitigate the effects of a disaster and speed recovery.

In developing a disaster plan and dealing with the aftermath your accountant should be one of your most valued partners. The weeks and months following a disaster can be confusing and difficult with numerous financial issues and personal concerns to address. People who have been through a traumatic experience often have difficulty making sound decisions. Your accountant can help you develop a financial recovery plan for regaining your financial footing following a disaster by reconstructing lost records, documenting income lost as a result of the disaster, preparing and defending insurance claims, acting fast to apply for loans and grants and applying for tax relief concessions.

Many businesses that are forced to close after a disaster never reopen at all. SME owners who educate themselves in disaster management and have a planned process for returning to normal operation maximise their chances for recovery.