As the dangers of identity theft become more present in the public consciousness, more consumers are taking steps to ensure they’re doing as much as they can to prevent their personally identifying information (PII) from being compromised. Often overlooked however, is the equal danger posed by identity thieves who aren’t after your personal identity, but rather that of your business.
Businesses function within the financial world in many of the same ways individuals do. They accrue credit, make purchases, secure loans, make investments, provide health coverage, and a range of other activities that could be taken advantage of, given the right set of circumstances. Additionally, as numerous businesses have already discovered the hard way, the nature of one’s business may require the storage of not one person’s PII but many; potentially thousands or even hundreds of thousands of pieces of PII from individuals who work for or with your organization. Now this author’s goal is not to add fear and paranoia to an industry already rife with it, but simply to make business owners aware of the potential danger, and to provide a few basic tips on how to protect your businesses’ good name.
First and most importantly, begin with yourself. If you are an owner or an officer of the company, the compromise of your personal information can lead to a breach of the company’s information. Check your credit regularly and immediately make other officers aware if you feel any of your PII may have been compromised.
In the event of an account being compromised, freeze your credit. A credit freeze does just that; inhibits your ability to open new lines of credit. This is done through the credit bureaus (Equifax, Experian, TransUnion) and can prevent further damage and give you a chance to recover until you find the source of the fraud.
Next, keep a meticulous record of all accounts the business uses to make purchases. Expense accounts should be reviewed regularly. Any and all employees that have the ability to make purchases on the company’s behalf should be required to provide itemized receipts of every transaction large and small. A designated officer should be tasked with checking the status of these accounts regularly. Any discrepancy should be reported to your bank or financial institution immediately.
Run a Google search on your own website or specific market every once in awhile. An ever more common and emerging source of business identity theft is the theft of your company’s good name. Hackers have been known to use bots to download your company’s logos and other publicly available information to set up dummy websites. These sites can steal customer’s personal banking and credit information whilst the unaware consumer thinks they’re doing business with you. Search for your company’s domain name or general field on the web, and be wary of any site that utilizes similar domain names or logos or other artwork that are eerily similar to your own. Bigger companies can put their IT departments to work to ensure their good name isn’t being pirated for nefarious purposes. Smaller companies can make do by doing a simple Internet search of themselves every now and again. If you happen to find a spoof site like the one described above, immediately inform your creditors and customers, as well as the FBI. Identity monitoring web solutions are also available to do more sophisticated searches of the web than a normal search engine to include things like company logos.
Also be wary of customers looking to make big purchases who you’ve never done business with before. Make sure that you check the references of those you do business with so you don’t get stuck providing goods or services for a bogus payment. Credit card purchases deserve an especially careful eye.
Understand that your Employer Identification Number (EIN) is also a valued piece of information, much in the same way a Social Security number is for an individual. A tax ID number, in the wrong hands, can lead to bogus accounts being opened in your company’s name, accruing false government or medical benefits, or even file a false tax return come April.
Limit access to company accounts – preferably, trusted officers only. The more people within your organization who have access to your company’s private information, the more likely your company is to be victimized. A disgruntled employee can often be the source of a business identity theft.