Some businesses have to keep a lot of secrets. Lawyers and accountants have to keep their client’s dirty laundry private. Inventors and software companies have to make sure competitors can’t run off with the secret blueprints they’ve spent years refining. Even if you’re not in a world where secrecy is important, you still have secrets to protect. Maybe it’s pricing: if all your customers found out what a good deal you were giving your old roommate, they’d all demand the same, and your margins would be sunk. Maybe it’s worker records: if someone runs off with the W2s for all your employees, files bogus tax returns for all of them, and causes everyone to spend 40 hours apiece to iron things out with the IRS over the phone, your whole company is going to be angry for a couple months and productivity is going to tank.
Unless you operate your business out of an old Crisco tub full of cash on your back porch, you have secrets. Even then, you’d still probably prefer people not know about the Crisco tub.
As a small business owner, the secrets people will want to steal are the ones they can easily turn into money. You can think of almost all of these secrets in 3 buckets:
How you handle money. May include:
Passwords to accounting or bank logins - with this, someone could login and drain your account.
Account history - with this, someone could find out how much have, how much you pay, and when, and find a weak spot in one of the above areas.
Worker info - ACH info, W2, medical history
The things your customers trust you with.
The acquisition contract that you’re redlining
How they pay you: ACH details or transaction history
Identity theft info: Credit card numbers, socials, medical records
Design files: Have a metal shop? How angry would your customer be if the CNC design file for their most recent product version ended up on the internet?
“Secret Sauce” - product blueprints, training materials, sales scripts
Weaknesses: tight on credit? Bluffing on a contract?
Customer lists and purchase history
Note about consumer info: There are some big costs to losing some kinds of personal secrets. If some jerk runs off with social security numbers or medical records, you have to notify everyone whose info you lost - expect to spend $5-$10 per person, plus legal fees starting at $5k, and maybe loss of business from angry customers and bad press. Losing medical records will also incur fines between $100 and $15k per person. If you lose credit card info, VISA and friends will fine you, and may even revoke your license to take credit cards.
Luckily, the same fixes work for protecting each kind of secret:
Don’t store it: The easiest way to make sure the wrong person doesn’t discover a secret is to not write it down. If you’re a dentist, maybe you don’t need to ask for everyone’s social on your New Patient Intake Form. If you run the neighborhood bar, maybe you don’t have to write down everyone’s credit cards when they’re setting up a tab. Do you run a consulting company? Maybe you can delete most of the customer files when the gig is up.
Store it in a protected place: If you sometimes need a secret, try to only store it in one place, and protect that place. If a sales rep loses a laptop, it’s suddenly a bigger deal if there are customer lists and pricing that can be seen by anyone who turns it on. If you do this, make sure the place you choose is reliable.
Make it harder to log in: lots of accounts let you choose extra hoops you need to jump through to prove that you are you. Setting these up makes it much harder for jerks to break into your accounts. See the login guide for the best options.
Use online services: Highly-paid business consultants always tell you to focus on what you’re good at, and outsource the rest. This is especially true with computers: the easiest, cheapest, and most secure solution is usually a monthly internet service. There is usually strength in numbers - popular services are often the most secure. See our roundup of recommended online services.
Encrypt it: encryption is a kind of math that computers can do to keep information secret. It usually needs some kind of password to work: if you have the password, you can see the information. Usually encryption is easy and comes with anything modern. There are two exceptions: phones and laptops. If your phone or laptop has big enough secrets to give you a headache if they got stolen, consider encrypting it. You’ll have to put in a password whenever you turn it on, but that’s the point.
When your plan is done, it's time to do it.