In recent columns, we’ve discussed the importance of online reputation management, the use of encryption to prevent data breaches, and the dangers of not properly securing business social-media accounts. None of these topics exist in a bubble; defending business assets requires an intermeshed approach that addresses myriad issues simultaneously.
Many of those issues fall under the legal umbrella. We met with Erik Bolinder, a business attorney with the firm Exceed Legal in Boise, for his views on business-asset protection.
According to Bolinder, there are two main aspects to asset protection: “First, protecting the assets of the business from internal or external theft, and second, guarding the assets of the business against the reach of third parties resulting from a significant liability event.”
You can’t protect an asset until you define what that asset is. A business needs to be able to identify its assets, both tangible and abstract.
Digital Access for only $0.99
For the most comprehensive local coverage, subscribe today.
Bolinder agrees on this point, adding: “When most people think of the term ‘assets,’ they intuitively think of tangible products, equipment or cash. We usually do a good job protecting those assets. We have good door locks, safes, even sophisticated security systems.
“But, there are many other assets we sometimes forget to protect, or don’t quite know how to effectively protect, especially in the context of a business. Some are tangible, like customer lists, customer data, operating manuals, customized business forms, or intellectual property such as patents or tradenames. Some are less tangible, but maybe even more valuable to the health of a business. Things like established business relationships, customer relationships, employee relationships and even company goodwill.”
So how does one best protect these assets that cannot be physically locked in a vault?
Bolinder stresses the importance of access management and the creation of a system of checks and balances within the business. Rules and procedures should be in place to determine who can access what. At no point should one single person have the ability to embezzle or steal from the business. This seems like common sense, but especially with small businesses, it’s common for all users to have administrative access to servers, or for a single bookkeeper to be responsible for the business’s day-to-day financials.
Bolinder also stresses the need to establish agreements with employees, vendors and independent contractors:
“The essentials would include confidentiality agreements for those accessing sensitive information, agreements not to compete, agreements with employees not to solicit customers or employees if their employment is terminated, and agreements not to store, keep or remove sensitive data or information owned by the business. Most of this can be efficiently handled in one agreement or even in a company policy manual or employee handbook that employees agree to follow.”
He adds, “Too many times I’ve encountered situations where a business owner has lost essential information, either by theft or by some other event — anything from the action of a creditor to a lawsuit to an on-site accident — and had no way of recovery. I always recommend backing up anything essential from business assets to records and, especially, financial information.”
Finally, Bolinder recommends filing separate legal entities for the business, and that filing as a corporation, LLC or partnership (instead of a doing-business-as/assumed business name) can protect the owner’s personal assets. Many small businesses, especially one-employee operations, are simply registered as an alias of the business owner, but this can lead to disaster if the business ever faces a lawsuit.
“Keep business filings up to date and don’t use the entity as a personal piggy bank,” he says. “Avoid the temptation of using the company credit card for personal expenses and so forth.”
Neal Custer is president of Reveal Digital Forensics & Security, a subsidiary of Custer Agency Inc., and an adjunct professor at Boise State University. email@example.com. Written in collaboration with Dylan Evans, Reveal’s vice president of operations. This column appears in the Nov. 16-Dec. 20, 2016, edition of the Idaho Statesman’s Business Insider magazine. Click here for the Statesman’s e-edition, which includes Business Insider (subscription required).