Identity Theft – Is Your Business Vulnerable?James Evans
Identity theft is a hugely personal crime, targeting individuals, taking their personal information, and then using it for gain. But it isn’t just individuals who are being affected: there is a serious and rising risk to businesses.
Successfully targeting a business is often no harder than targeting an individual, but the rewards that come with a successful ID theft can be far greater. Criminals frequently target businesses for several key reasons:
- Businesses have more money in their bank accounts.
- When opening a new account, businesses are often given a bigger credit limit.
- Less scrutiny on large orders: a single consumer ordering 50 computers might raise warning signs, but the same purchase by a business would be considered normal.
Small and medium-sized businesses are popular targets because their security often hasn’t caught up with their revenue growth.
How Are Businesses Vulnerable?
Firstly, businesses are at risk of having their own identity stolen. When this happens, a criminal will take a company’s identity and make it their own, establishing credit using the business’s credentials and reputation.
They will then be able to start spending using those credentials, racking up as much debt as possibl as quickly as they canr. By purchasing electronics and other items that are easy to sell on, they can quickly make a profit and then disappear. The business is left to deal with the debt and the damage to its credit score.
A second, but no less serious risk, is that businesses are targeted by hackers who want to get hold of the customer data they hold. This information is valuable, and if leaked, or maliciously stolen, could be used to steal the identity of the business’s customers.
Although it would be the customers, rather than the business, that bear the main financial brunt of this attack, any business involved in losing customer information can expect to take a hit to their reputation, and to possibly be involved in litigation or suffer fines further down the road.
What Can Businesses Do to Protect Themselves and Their Customers?
The primary action businesses must take is to protect their data. Identity theft relies on the theft of information that allows the thieves to pass themselves off as either the business or an individual.
If these thieves cannot easily access this data, it is almost impossible to steal an identity, since they cannot get past the most basic security questions that a bank or other business will ask when they request credit or try to setup an account.
Protect Physical Documents
While most modern security threats are digital, businesses shouldn’t neglect their physical security. Physical documents can be stolen from your office by visitors, or even taken from your bins outside.
Businesses should develop and execute strategies that prevent this theft, with a priority placed on ensuring employees understand the risks and do not leave business data unprotected and unattended.
Another vital step is to shred documents with business data on once they are no longer needed. The safest way to do this is to use a professional shredding service, but any shredding is a significant step up from simply throwing documents into the trash, where anyone could find them.
Protect Digital Data
Traditionally, identify theft uses stolen physical documents. Today, an identity fraudster need not be anywhere near a business to steal their identity of that of their customers because they can access the information they need digitally.
Without proper protection, your digital data is at high risk. Here are just a few scenarios that could ultimately result in identity theft:
- Lost Device – An employee leaves a laptop or smartphone on the train or in a restaurant. If effective security isn’t in place, an enterprising thief may gain access, not just to the information stored on the device, but also to that held on your server, or on other cloud services that you use.
- Physical Access – If a criminal can access your premises, either during the work hours or by breaking in, they may easily get access to important information through work terminals left logged in. This might also be an insider attack – an attack perpetrated by someone already working for your business.
- Password Hack – Most employee’s passwords are weaker than they think. If someone has weak passwords or reuses personal passwords for business use, their accounts can be compromised.
To protect against these threats, businesses need a complete solution that defends all of their devices, servers, and accounts.
When a business is small, it isn’t uncommon for every employee to have the same level of access to files on the network. However, as you start to grow the risk of an insider attack increases.
To reduce this risk, employees should be restricted to accessing information that is relevant and appropriate to their role. For example, only the accounts and finance department need significant access to the financial records; almost anyone else with access will needlessly increase the risk to your organization.
By compartmentalizing your data, you’ll also lower your risk in the event of a hack. Even if Joey from marketing uses a poor password and gets hacked, the hacker still won’t have access to the financial information they need to steal the businesses identity.
One of the best and easiest lines of defence are the eyes and ears of your team. By checking banking and other finance accounts daily, they should know exactly what is coming in and out of your account and whether its correct.
Another obvious sign of identity theft is if suppliers mention orders that you don’t recognise having made. If your team understands that it is their responsibility to check if something doesn’t quite add up, you can catch most problems early. The earlier you report a potential problem, the less damage it can cause, and the more likely the perpetrator will be caught.
Sign up for the Onion ID newsletter today to find out more about how you can protect your organization against identity theft and other common threats.