If you don't need it, don't collect it. This seems obvious, but many businesses collect more information than they need. The marketing side of the business considers any customer information valuable if not now then in the future. The more customers you have, the more tempting it becomes to a thief and the more damaging it is to your customers if the information is stolen.

If you need it only once in the course of business, don't save it longer. Companies sometimes collect information that's necessary to complete a single transaction, and then compulsively file that information away (either in a paper file or in a computer file). For example, what happens to job applications for people you don't hire? These contain all sorts of personal information, including the all-important social security number. Again, if you aren't required by law to keep the information, and you seldom, if ever, use it, then get rid of it properly. If you don't keep it, it can't be stolen.

If you've got it, but you don't need to save it, dispose of it carefully. A good deal of identity theft happens in the trash barrel or dumpster. Even the smallest business can afford an inexpensive paper shredder. Make sure you use yours to destroy customer or employee records.

If you have to keep it, think security. First, make sure those paper records that contain personal information are kept under lock and key when they aren't in use. Make sure computer terminals are password protected. Limit the eyeballs that have access to these records - only those who have an absolute need-to-know should have access to personal information. Don't allow customers or others to wander around the private areas of your business.

Don't broadcast personal information. How often have you stood in line at an office or store behind someone who was being asked to give his/her social security number or telephone number or birth date? How many times have you watched a company's employee pull up personal information on a computer screen that was visible to other customers? Or seen personal information on a file that was left open on a desk or counter. Instruct your employees to be sensitive to these issues. Turn computer screens so they can't be viewed by anyone other than the operator. Instruct employees who need to have personal information to have customers jot that information down, not repeat it out loud where it can be overheard by others. Don't put personal information like account numbers in billings or letters where that information is visible through windows in the envelope.

Don't give out employee or customer information to anyone whose identity can't be positively confirmed. Information thieves and stalkers tell authorities over and over how easily they were able to obtain all sorts of valuable information simply by calling small business owners or personnel departments and asking. Posing as government agencies or credit grantors or health insurance providers, these thieves have found that a well-crafted, believable story can often get past the best locking file cabinets or password-protected computers. Your organization should have very strict policies on when and how employee or customer information is shared.

Locks and alarms are a real deterrent. If you've done everything we've suggested, your records -- and your customers -- will be more secure during business hours. Make sure you're at least as secure when your business is closed. Make sure all vital records and offices are locked during non-business hours. Exterior doors should have deadbolt locks. Hinges on exterior doors should be secured to prevent removal. Exposed windows should be protected with bars, screens or shatter-proof glass. The business' exterior should be adequately lighted from dark to dawn. Naturally, the business should be protected by an alarm system, preferably one that is monitored by a security company. Your business insurance company -- or, in some cases, your local police - may be able to assist you with a security assessment.

Finally, watch your employees, especially those who handle sensitive customer information. Today it is fairly easy to walk into an office, install an 8 gigabyte flash drive, and walk off with a million record database in a matter of minutes. And many office thefts and embezzlements are performed by internal employees rather than outside thieves. Make sure to scrutinize the background of your chosen employee before placing him or her in the sensitive role, and make sure to have checks and balances to monitor their performance. The number one mistake businesses repeatedly make with internal employees gone bad is that they trusted their people 100 percent and never assumed they would go criminal. And it happens frequently.