ActionFraud - National Fraud & Cyber Crime Reporting Centre - Call 0300 123 2040

Know your assets

The issue

Your assets give your business its value. They can range from tangible objects like buildings, stock and money, to more intangible things such as customer data and even your written ideas. But what these things all have in common is that they are worth something to your business – and they are worth a great deal to fraudsters as well.

As a responsible business owner, you’ll want to protect your assets to make sure that your finances and reputation are not affected. But this responsibility is also a legal obligation in certain areas, as unless you take steps to protect your assets you could be liable for a big penalty – for example, failure to adequately protect your customer data or other personal information could result in a fine under the Data Protection Act.

The threats

There are many ways that your assets can be targeted and misused. They can be directly attacked and stolen, embezzled from within your business, or taken virtually using computers and the internet. They can also be used to enable further crimes – for example, the theft of sensitive corporate documents could allow a fraudster to misuse your business’ identity and take out a loan in your name.

Here are some of the more specific ways your assets can be targeted:

Self protect

Every business will have different assets and different ways to protect them, but you can get things right in your business by beginning to think along the following lines.

Identifying and monitoring assets

To protect your assets, you first have to know what they are. Make a list of all your key assets, both tangible and intangible, and then start to think about how secure they are (to both internal and external threats). Remember that sometimes the value of an asset may not be immediately apparent. Data is a good example of this, as a loss could be used to facilitate a fraud against your company or a third party. Once you have identified and thought about ways to secure your assets, you should put in place processes to regularly monitor their status and check all is as it should be.

Securing your assets

Restricting access to your assets is common business sense. You wouldn’t leave stock or valuable equipment somewhere that anybody could take it, so you also need to think about how you can stop unauthorised people accessing some of your more intangible assets, such as your data. This can include physical controls to restrict access, but also more technical measures to ensure your IT data is protected. The Small Business Guide shows how to improve cyber security for small business.

Protecting your identity

Your brand and reputation will always be one of your most valuable assets. Unfortunately, fraudsters may try to profit from your identity too, stealing it to make money from identity theft and related fraud. If you don’t take steps to protect your identity, you could suffer a direct loss through fraudsters gaining access to your business’ bank account, or other serious problems such as a tarnished reputation, manipulated public records and an adverse credit rating.

Gov.Uk is a good resource of information on the risks of corporate identity theft and how to prevent it.

Protect your intellectual property

Intellectual property can be anything from written documents all the way through to physical products you have developed. Your intellectual property is something your business has created that is unique, and because it is unique it can give your business a competitive advantage. But this will also be of great interest to the fraudster, who may attempt to steal it or deceive you into handing it over.

Protecting your data

Every business that accepts payment cards and online and offline payments need to be compliant with PCI Data Security Standard (PCI DSS). Keeping your customer’s payment card data secure is very important. If you are not compliant you could be responsible for any consequential losses through fraud, and may also face considerable fines. The number of transactions processed by your business will determine the specific compliance requirements that must be met.