Businesses are NOT excluded from identity theft threats.
As a business owner, it is your responsibility to protect your company from countless types of fraud. This is not easy to do when you are unsure of how these fraudsters work. Even worse, there is a lack of consistent information that you can find on this subject on the Web.
But we are going to outline the following clearly:
That’s a lot to cover, so let’s get started!
Identity thieves know no boundaries, and as the saying goes, “Where there is a will, there is a way.”
The only way to spell out the types of business identity theft is to look at these fraudsters’ common methods.
1. Impersonation with the intent of forging and cashing out new credit lines.
Individuals are not the only ones with unique identifying numbers; a business’s EIN (Employer Identification Number) is just as sensitive. If a fraudster obtains it, then it’s just a matter of time before the fraud starts.
In fact, all an identity thief needs to impersonate a business and defraud funds is the business’s EIN, physical address, and legal name. This is why your EIN is such a sensitive piece of information, as the other two pieces of information are available through public records.
Your business’s EIN is used for many reasons, such as to open a new company bank account, to process W-9 forms, and to report taxes and wages. There are many other examples; in the end, there is quite a paper trail leftover.
2. Breaking in through the owner’s personal information.
An identity thief could use the business owner’s personal information to defraud the business. This would be a more extensive crime in most cases and often requires ID cloning and personal impersonation. It could also be targeted at other high-level staff members.
With the fraudster pretending to be the business’s owner, it becomes easy to gain access to its finances. The fraudster can then obtain many new cards and loans in both the company’s and owner’s names.
Personal information is partially shown through the public records of your business. As such, it’s important to know how to protect yourself from such a security breach.
3. Theft of sensitive documents or company credit cards.
All it takes is for one piece of paper to end up in the wrong hands, whether misplaced or taken. From there, that person has the power to defraud your company into oblivion. In fact, it does not have to be physical documents they steal — virtually stored or transmitted information about your business can be just as dangerous!
Remember, there are many new faces you learn to trust when you start a business. There is no guarantee that you will not hire a ‘bad apple’ at some point. This could be your upper management staff members or even the janitor that comes in to clean at night.
You must always:
Even more, it’s important to shred before disposing of any sensitive cards or paperwork. Dumpster divers often target businesses, and you do not want such a simple lapse of judgment causing serious problems for your company.
GFI published a whitepaper detailing how small business owners can build secure workplace platforms. It also gives a lot of insight into technical tactics used by cyber fraudsters, so it’s a worthy (but long) read.
And if you are not scared of cyber threats, you really should be — we covered social engineering identity theft recently and found a few interesting cases.
The most notable takeaway was that it’s not just about what the business owner does to protect their company. If just one employee’s e-mail gets hacked, it could spiral into a horrible mess — even if they do not have a security clearance, the fraudster could impersonate them to steal information or more accounts. If you think your employees would not be so gullible, think again.
The unfortunate fact is that it’s even harder to guarantee protection against business identity theft than it is against yourself. Too many variables are out of your control, and even the best ID protection plan cannot stop your employees from falling prey to fraud.
However, there are certain things you can do to step up your security, and by taking these steps, there will be fewer ‘easy ways’ for fraudsters to target your company.
Here are some good tips:
Of course, there are just some of the many things you can say about preventing business identity theft. What really matters is that staff knows how to stay safe, which involves understanding how to handle sensitive information. Use the appropriate training materials to ensure your employees know how to handle themselves; there are various security standards at state and federal levels.
We also recommend getting your employees to sign the Non-Disclosure Agreement (NDA) forms for safety purposes. This will ensure that they are rightfully convicted if they spread any sensitive information to fraudsters that lead to a fraud attack.
What might be more worried is that your business’s credit report is behind a door with no locks, and within it is a master key. You will understand why in a moment.
Your business’s credit report is available for anyone to access, supposing they are willing to pay the cost to pull the file. They can do this through any credit bureaus, including Dun & Bradstreet, Equifax, Experian, and TransUnion.
If you are not yet in business or have not heard of Dun & Bradstreet, they are basically the credit report bureau and verification service for businesses; they do what the other three do for individuals but are for companies instead.
Also, if you do not know what a business credit report really contains — here it is:
These are the main pieces of data that you are likely to find but remember. It can vary a lot depending on which credit bureau you request your credit report from.
Here are five fast tips:
And speaking of taking action, you also need to know how to do that if you suspect your company got targeted.
The specific process will vary depending on the business’s situation, but here’s a general outline of a business owner’s steps.
#1 – Notify your bank and creditors about the suspected fraud to put a freeze on your current accounts.
#2 – Notify all credit report bureaus — Dun & Bradstreet, Equifax, Experian, and TransUnion.
#3 – File a police report in the jurisdiction of your business and with the FTC.
#4 – Notify the rest of your creditors, service providers, etc., of the financial pause.
#5 – Draft up and send the ‘Statement of Correction.’
#6 – Maintain records of all communications, whether suggestive or not.
#7 – Once all is processed, check your credit report for an update.
#8 – Keep all records about the incident stored away somewhere safe.
#9 – Start monitoring your business credit report regularly.
It’s funny because identity theft victims often look at ID theft protection as nothing more than a scam — until they become victims themselves and truly learn how these services work.
There are many parts of personal identity theft protection that we do not like. Particularly, it’s senseless to pay for so many protective features that are free to manage on your own.
However, the circumstances are a little different when it comes to investing in business identity theft protection.
Doing so will grant you the following key benefits:
This is just a scratch at the surface of what a business identity theft protection plan can do for your company. If you are interested in learning more, see what iDefend Business does to protect businesses from identity theft.
Note: We by no means are giving our recommendation for this service provider (review to come), but they have many of the features you should want. Above all else, you must make sure to avoid the ‘business protection plans’ that really work for data breach situations and very few other circumstances.
With so much time spent chasing profits, it’s important to slow down for a minute and focus on preventing the things that could wipe out all your hard work. One of those is an identity theft situation that leads to major frauds against your business’s valuable accounts.