It takes blood, sweat, and tears to establish a successful small business. However, there’s one problem that can affect your bottom line negatively or even sink your business - identity theft. Beware: identity theft is on the rise in America for both businesses owners and consumers. In 2020 through April 10, 269 breaches were tracked that exposed 3.3 million records, reports the Insurance Information Institute.
Here’s what you need to know to identify and address business identity theft.
What is business identity theft?
Business identity theft happens when criminals pose as owners, officers, or employees of a business to illegally get cash, credit, and loans, leaving the victimized business with the debts.
What are examples of business identity theft schemes?
Business identity theft takes many forms. Examples include a variety of schemes involving the fraudulent use of business' information, including:
- Establishing temporary office space and/or merchant accounts in a business's name.
- Ordering merchandise or services with stolen credit card information or with bogus bank account details in the business' name.
- Scamming employees or phishing to get to a business' banking or credit information.
- Going through a business' trash and recycling bins for account numbers and other sensitive data.
- Filing bogus documents with the Secretary of State's office to change the business' registered address or the names of directors, officers or managers of the company, which can later help thieves, open lines of credit with financial institutions and retailers.
How can you prevent business identity theft?
1. Monitor your business’ credit profile
Your business best practices should include regularly checking your credit profile for fraud. Credit card fraud can include:
- Use of lost or stolen credit card data
- Account takeover
- Fraudulent applications
- Mail Intercept Fraud
- “Card Not Present” fraud
- Data breach
- Fake or altered credit
In order to make sure you haven’t been a victim of these scams, get your free credit report at one of the credit reporting agencies:
- Dun & Bradstreet (D&B™)
For in-depth information, visit the SmartBiz Small business blog: Business Credit Check: Where You Can Get Yours.
2. Use digital statements exclusively
Mail theft is a simple but common way for fraudsters who want to steal a business’s information. Bank statements, credit card bills, human resources files, and other mail can be used to stage an attack. Although you may not be able to go entirely paperless, it takes just minutes to switch bank and other financial statements to digital. You’ll save money, time, and protect your business from identity theft.
3. Shred, shred, shred
If you’re not able to save everything to the cloud or go completely paperless, invest in a good shredder and instruct your staff about how to use and what should be shredded.
4. Consider business insurance coverage
There are insurance policies that cover potential business identity theft losses. Do your research! Unfortunately, there are fraudsters out there who also scam business owners with phony policies. Additionally, shop around. Some can be costly, offering protection you don’t necessarily need.
5. Put best practices in place
Before you open your doors, be sure to have the following technology tools and practices in place. If you don’t have an IT employee in place, consider hiring an outside professional to help.
- Strong firewalls
- VPN for outside access
- Secure offsite data storage
- Automatic Windows and other software updates
- Secured wireless networks
- Limited software installation abilities for employees
- Train employees in digital security best practices
- Protect physical access to company computers
Make security as a top priority from the start so you don’t have to worry about the tedious cleanup after a hacker gets important data.
6. Use anti-virus software
When an unprotected device is infected, you may see one or all of these actions:
- Run slower than normal
- Show popups both online and/or offline
- Have programs that do not open, run slow or close unexpectedly
- Have browser(s) that do not display some or any website at all
- Show a blue screen with the error code
If your devices exhibit the above symptoms, chances are good that it has been affected. Invest in antivirus software, also called anti-malware software. Antivirus software will begin by checking your computer programs and comparing them to known types of malware. It will also scan your computer for behaviors that may signal the presence of a new, unknown malware.
7. Use secure passwords
The most common passwords are pretty easy for anyone to crack. Those include 123456, qwerty, 111111, password, and 123123 are among the top 10. Using a long, unique, random password might sound like an impossible feat, it’s easier than most people realize.
There are tools like Lastpass, Dashlane, and 1Password. You create a unique password for all sites and if one gets hacked, you only have to change one password, not all. Follow smart password guidelines to stay safe.
8. Educate your employees
Plan a meeting to go over identity theft and how it can impact a business. Put together guidelines for employees, especially those that deal with finances, to follow. If appropriate, bring in a security expert to go over best practices to avoid compromised data.
What should victims of business identity threat do?
If you believe your company has become a business identity theft victim, moving quickly could reduce the amount of damage your company suffers. Take these steps swiftly:
- Alert your bank, credit card providers, and other creditors that you may be a business identity theft victim and ask if they have received any recent or unusual charges or orders from someone claiming to be working with your business
- Request copies of documents or emails that were used by the thieves to fraudulently open or access your accounts
- Ask about placing fraud alerts on your business’ bank and merchant accounts
- Report the issue to the small business credit reporting agencies of Dun & Bradstreet, Equifax, Experian, TransUnion
- Notify local and/or state law enforcement officials
- If criminal changes were made to your business information on file with the Secretary of State, obtain certified copies of the fraudulent filings for later use and submit new filings with the correct information
- Talk to your business insurer and an attorney about your legal remedies