As a small business owner, you understand the importance of having a good reputation, and you go to considerable lengths to protect it. That’s why the mere thought of someone using your personal information to impersonate you for financial gain, and ruining your credit score in the process, can be so loathsome.
Business Identity Theft Is a Growing Problem
As unpleasant as it is, business identity theft is a real problem, and it affects more SMBs every year because they increasingly depend on digital data and information technology to conduct their day-to-day operations.
The criminals who commit business identity theft are interested in business identifiers, such as the Employer Identification Number (EIN); employees’ personal data, such as names, Social Security numbers, and dates of birth; and other sensitive information.
They use the information to take out loans, open lines of credit, file fraudulent tax returns, and otherwise improve their financial situation at the expense of the impersonated small business and its employees.
Just like with ransomware attacks, the victim often notices what’s going on only after the damage has been done and their reputation ruined.
Top 5 Business Identity Theft Prevention Tips for SMBs
For as long as SMBs continue to be attractive targets in the eyes of fraudsters because of their higher credit limits and weaker cyber defenses, business identity theft will be a pressing issue. Here are five tips on how to prevent it.
1. Implement Basic Cyber Defenses
Having basic cyber defenses in place can go a long way in preventing cybercriminals from getting their hands on sensitive information. At the very least, you should have:
- Firewall to block unwanted incoming and outgoing connections
- Anti-malware to detect and neutralize malicious programs
- Monitoring to analyze suspicious network activity
- Role-based access control to restrict system access to authorized users
- Spam filter to prevent malicious emails from reaching your employees’ inboxes
2. Learn to Recognize Phishing Attempts
Phishing is, by far, the most popular attack performed by cybercriminals to obtain the information necessary to steal the identity of a business for financial gain. The appeal of phishing lies in its simplicity: no sophisticated hacking techniques or advanced coding skills are required—just good old social engineering.
For example, phishers sometimes impersonate the IRS by sending out emails containing requests for PIN numbers, passwords, and other access information for credit cards or banks. The same social engineering attacks may also happen over the phone or in person.
The key is to never trust any out-of-the-ordinary requests without thoroughly verifying them first. Regular cybersecurity awareness training with a focus on phishing attacks is guaranteed to equip employees with the skills they need to spot common phishing signs before it’s too late, making it an excellent investment.
3. Use Strong Authentication
Passwords, no matter how complex, don’t provide sufficient protection against business identity theft because they can be stolen, brute-forced, or obtained using social engineering. The good news is that over 99.9 percent of account compromise attacks can be prevented just by enabling multi-factor authentication, or MFA for short.
MFA makes it virtually impossible for an unknown person to access protected resources by requiring two or more pieces of evidence to be presented during authentication attempts. Examples of suitable authentication factors include biometrics, security tokens, and one-time passwords (OTPs).
4. Improve Your Physical Security
With major cybersecurity incidents making the headlines on a regular basis, it’s easy to forget that business identity theft may also start with a criminal physically breaking into your business and leaving with a briefcase full of documents.
A camera system monitoring your entire office space, both from outside and inside, is a must, but surveillance is just one part of the physical security equation. The other part is access control, which encompasses everything from locking windows to biometrically restricted doors.
5. Shred Sensitive Documents
Unless your office is entirely paperless, you produce a substantial quantity of business documents every single workday. Inevitably, most of the documents you produce end up tossed into the trash. But what’s trash for you is a treasure for criminals intent on fraud, so shredding everything you don’t want anyone else to see is essential.
But what if some of your employees work from their homes? In that case, you should equip your remote employees with shredders and teach them how to safely dispose of confidential documents so they don’t fall into the wrong hands.
When Business Identity Theft Becomes Reality
If you believe that your business has become an identity theft victim, you have limited time to act. Go through the following checklist:
- Report the identity theft to the Federal Trade Commission.
- Place a fraud alert with Experian and with the other credit bureaus.
- Contact your bank, credit card providers, and other creditors.
- Compile evidence of the business identity theft.
- Notify your local law enforcement officials and talk to your attorney about legal remedies.
Above all else, you need to eliminate the root cause of the issue, and that usually means strengthening your cyber defenses.
At OSIbeyond, we provide enterprise-grade cybersecurity solutions designed for small and medium-sized organizations, including cybersecurity training and managed security services.
With our help, you’ll be able to more effectively prevent business identity theft and other cybersecurity incidents while maintaining a focus on core business activities. Contact us to get started.