Managing a Small Business
Identity Theft: Business Owners Are Vulnerable Too
How Companies Can (and Must) Prevent Identity Theft
Although consumer identity theft gets a great deal of attention — and for good reason, since an attack can hurt a person's credit for years — individuals aren't the only ones in the crosshairs of identity thieves. Businesses are being targeted as well.
According to the Identity Theft Protection Association, business identity theft is separate from the kinds of information-security breaches that have been in the news lately, where confidential customer information is stolen.
Instead, the crime involves impersonation of the business itself.
A thief might act as a representative of the company in order to defraud creditors and suppliers, loan officers, unsuspecting customers and even the government if taxes are involved. The results could be a drained company bank account, unexpected lines of credit, misdirected customer payments and unauthorized equipment purchases.
With this kind of threat looming, it's crucial for businesses to be careful. Here's a checklist of strategies that might guide your security decisions to reduce your company's chance of falling prey to identity thieves:
Make Security Updates Often
Many companies tend to purchase security devices or software, but then take a "set it and forget it" mentality that pushes the issue to the back burner, says Eric Knight, CEO of the Phoenix-based technology firm SimpleWan. "A standalone device purchased only a year ago that hasn't been updated or monitored may already be breached, and you wouldn't even know it."
Review Commercial Bank Accounts
Just as consumers are encouraged to look at their bank activity frequently (even checking daily online) to catch any fraudulent charges, businesses should review transactions regularly. If a company has a longstanding relationship with a bank, it's worth having a conversation with bank officials to let them know that there are no plans to open new lines of credit or loan accounts.
Put Authentication Controls Into Wire Transfers
If a company uses wire transfers and electronic payments, it's wise to implement a system that requires at least two people to approve each transfer. Some financial institutions also offer other forms of authentication that must be provided before a transfer is approved.
Train Employees About Phishing Scams
This type of scam relies on an authoritative tone over email or the phone that tricks people into divulging confidential information, such as company account numbers or passwords. Phishing scams often purport to be from government agencies or legitimate financial institutions, even though none of those entities would ever ask a business owner to divulge such information by phone or over email.
Put Customers on Alert
Create invoicing standards with customers, and ask them to check with you if there are any changes. For example, you may regularly email invoices and accept electronic payments. If a customer gets a mailed invoice with a request that a check or money order be sent to a location that's different from the company address, that should be a red flag.
By monitoring accounts frequently and being more aware of potential threats, a business can reduce the chances that identity thieves will do long-term damage.
Illustration by Mike Austin | Elizabeth Millard is a freelance writer whose work has appeared in Entrepreneur, BusinessWeek, and Delta Sky Magazine, among other publications.