When we think of identity theft, it’s easy to focus on personal identity theft and how millions of consumers are affected every year – but business identity theft is just as serious, and has far-reaching damages not only to the business owners, but local economies as well.
Personal and business identity theft are nearly the same, in that criminals will assume a stolen identity for profit. However, business identity theft can go undetected a bit longer, for reasons which we’ll explain later in this article – and thus, business identity theft is a more lucrative route for more sophisticated criminals, rather than traditional personal identity theft. For more information, you can read this helpful article on what identity theft means.
How does business identity theft work?
Similar to personal identity theft, criminals will use a variety of methods to obtain business credentials, and use a business’ identity for the purpose of filing fraudulent tax returns, or opening false lines of credit (business lines of credit are generally much higher than consumer lines of credit).
Whereas an individual would almost immediately notice suspicious bank account activity, it could take a business much longer to notice. Spending $2,000 with an individual’s stolen credit card would surely attract immediate scrutiny, but for a corporation, this would be like a needle in a haystack.
Some methods and techniques involved in business identity theft
- Using your Employer Identification Number for filing fake tax returns.
- Hacking into your internal email server and sending fraudulent wire transfer requests.
- Physically planting unsecured WiFi hotspots around your office so that unsuspecting employees connect to it.
- Spoofing the email addresses of higher-level executives and sending requests for information to employees.
- Intercepting a business’s physical mail to obtain bank statements, human resource files, and other sensitive documents.
Those are just a small handful of techniques criminals can use to commit business identity theft. In the next section we will outline some general guidelines for protecting your small business from identity theft.
How to keep your small business protected
Go as paperless as possible
As mentioned earlier, criminals may try to intercept your physical mail to obtain documents they can use in fraud. While going entirely 100% digital may not be an option for all businesses, the less paper you deal with the better. Digital accounting and statements, tax filing, and anything else you can switch to digital will prevent physical theft of business documents.
However, once you go digital, you’ll need to heighten your focus and awareness on cybersecurity practices, which we’ll expand on. As for the areas of your business where going paperless is not an option, you should invest in a quality paper shredder. Criminals going through your trash and piecing together ribbons of shredded documents is not only something in the movies, so make sure you invest in a shredder that really dices those paper files to bits.
Establish strong digital security practices
Promoting digital security ethics begins with top-level leadership of a business, and you can hardly expect employees to follow the best safe practices if you can barely remember to change your own passwords. Fortunately, there are many tools and methods of making digital security more convenient and less time-consuming.
- Store data in the cloud: Cloud storage solutions offer better security than local storage formats, as physical attackers and malware will not be able to simply copy the contents of local storage onto a flashdrive.
- Train your staff: It is important that your employees understand the basics of cybersecurity and safe online behavior. Providing access to cybersecurity training courses is something you may consider to improve digital security practices within your business.
- Multi-factor authentication: Within a day of posting one of my Gmail addresses on my YouTube channel for business inquiries, I received a notification from Google that an IP address in Vietnam was attempting to access my Gmail account. I immediately denied the request. Even if the attacker were able to successfully bruteforce my password, I could still prevent them from logging in with multi-factor authentication. This can be applied to your employees email accounts as well, whether through Gmail or third-party tools.
- Automatic software updates: Many cybercriminals are able to gain entry into systems through exploiting known security flaws in the software on your operating system. By keeping your software up to date, you’ll be able to relax a little knowing that you have the latest security patches that close known holes in software systems.