Business Identity Theft – What can U.S. businesses do to protect themselves?

According to recent statistics collected by the National Cybersecurity Society (NCSS), business identity theft has become a serious problem among U.S.-based businesses, with the number of incidents reaching an all-time high over the past few years. I am recording it.

A 2018 report by the cybersecurity awareness and advocacy nonprofit, citing data from Dun & Bradstreet, showed that corporate identity theft has increased by 46% since 2017. Masu. This was the highest annual increase recorded at the time since the market intelligence firm began tracking his cases in 2017. Year 2005.

But the following year, Dun & Bradstreet's High Risk and Fraud Insight (HRFI) team reported a 100% spike in business identity theft, estimating a 258% jump in incidents at the height of the pandemic in 2020.

According to Mary Ellen Seal, founder and CEO of NCSS, small businesses are most at risk for such incidents.

“Small business identity theft, or stealing a company's personal information to commit fraud, is a big problem for identity thieves,” Seal said in an interview with global information services provider Wolters Kluwer. Told. “Unlike large enterprises, small and medium-sized businesses do not always have the necessary security controls in place to detect and stop fraudulent activity, so they may be more susceptible to targeting.”

However, she added that “large and small businesses alike” suffer from “general ignorance about the magnitude of the threat and devastating impact” that business identity theft poses to their operations.

What is business identity theft?

The NCSS defines business identity theft, also known as corporate identity theft, in its report, as “any crime committed with the intent to defraud or harm a company by creating, using, or attempting to use a company’s identifying information without authorization. It is defined as “theft of personal information”.

The nonprofit classified these incidents into four main types.

• Financial fraud: This includes obtaining new lines of credit, loans, or credit cards in a company's name or filing fraudulent Uniform Commercial Code (UCC) financial statements.
• Tax fraud: This includes filing fraudulent returns using tax subsidies or obtaining refunds through the federal or state government.
• Website defacement: This involves manipulating a company's website to redirect traffic to another website and steal customer data.
• Trademark Ransom: This is the act of registering a company's name or logo as an official trademark and then demanding a ransom to free it from the trademark.

However, personal finance site Money Crushers notes that much of the data used by identity thieves is readily available through a company's website, social media accounts, or public records; It points out that understanding the risks is important. Please take the necessary precautions to prevent theft and prevent financial and other damages.

Why are businesses targets of identity theft?

Companies are required by law to release certain company-sensitive information such as financial statements and stakeholder information, including key identifiers such as employment identification numbers (EINs) and sales tax numbers. There may be cases. Cybercriminals often have a wealth of information available to them. According to Wolters Kluwer, it is possible to steal data.

Money Crashers added that identity thieves are shifting their focus from consumers to businesses. Companies “may maintain larger bank account balances and have higher credit limits.”

“Criminals commit business identity theft for the same reason they commit consumer identity fraud: financial gain,” the company explained. “However, even small businesses typically operate on a larger scale than individual consumers, making them a bigger target.”

How can businesses protect themselves from identity theft?

Despite becoming increasingly a prime target for identity theft, businesses can still take various steps to avoid falling victim to identity theft. Here are some practical strategies businesses can implement, according to experts.

1. Check and monitor your business credit report regularly.

By doing so, businesses can spot mistakes and fraudulent accounts so they can immediately contact credit agencies to dispute them.

“Suspicious activity, including inquiries or new accounts you don't recognize, is likely a sign of fraud,” Gerri Detweiler, director of education at Nav and herself a victim of business identity theft, wrote in a Forbes article. states. “We recommend that you check and monitor your credit with each of the major commercial credit bureaus, such as Dun & Bradstreet, Equifax, and Experian, because credit bureaus do not share information with each other except in very limited circumstances. I recommend it.”

2. Make sure your business records and documents are secure

Money Crushers advised companies to only keep records that are essential to the company's operations and to “shred physical documents that are no longer needed.” He added that all business records must be stored in a secure location, preferably digitally on the cloud rather than on physical storage such as a hard drive or flash drive. Paper records, on the other hand, should be kept in a locked, fireproof cabinet that only limited people can access.

“While much identity theft occurs online, identity theft can also occur offline,” the company notes. “Try to limit the amount of mail and paper with financial information printed on it. [the documents]That's because intercepting mail and rummaging through trash are common tactics of thieves looking to steal sensitive information. Whenever possible, sign up for electronic bank or credit card statements. ”

3. Educate employees on cybersecurity best practices

According to Oregon-based Q5id, fraud prevention and cybersecurity practices need to be understood from the top down. The identity and access management service provider added that once a company has internal controls in place, the next step should be training employees on best practices for preventing and addressing cybersecurity threats and fraud. .

“The most important identity theft prevention practices to teach should include implementing business protocols, identifying fraud, password management, safe internet browsing, email phishing, and how to report cyberattacks.” Q5id points out.

4. Don't post sensitive information online

Money Crashers urges companies to be conscious of what information they share online, as “even seemingly innocuous information about a project or business endeavor you're working on can put your company at risk.” I'm giving advice.

“Hackers are scanning social media for information they can exploit to trick employees into handing over valuable company data or initiate wire transfers,” the company warned. “Employees are much more likely to fall for phishing emails that look genuine, because the criminals who created them include all kinds of information they found on social media. is.”

5. Stay informed of computer network security updates

According to Q5id, one of the best ways for businesses to protect themselves from cyber-attacks, including identity theft, is to stay on top of network upgrades. You should also encrypt all your data and back it up regularly, and install a robust firewall with anti-malware capabilities. Companies can similarly investigate automated fraud screening systems to identify unusual purchases, purchase locations, and expenditures made in a company's name.

According to Fundera, a small business financial resource website run by NerdWallet, one of the keys to preventing business identity theft is to “always be prepared.”

“This means regularly reviewing and reconciling all account statements, credit reports and business registration information for both active and closed accounts,” Fandera added. .

Detwiler also advised businesses to act immediately if they notice suspicious activity.

“Sound a scam alert,” she advised. “File a police report. And make sure to keep your records. You may need them later.”

7. Invest in cybersecurity insurance

Cyber ​​insurance helps cover financial losses due to cyber attacks, and in an increasingly digital business environment, it is beneficial for businesses to purchase insurance. Coverage may also include claims by individuals or entities who may have been harmed by the company's acts or omissions.

Annual premiums range from $1,000 to $7,500 and help pay for “the high costs associated with data and identity theft,” Fundera said.

“When a data breach occurs, many businesses close their doors for good because they can't afford the expensive recovery and rebuilding costs,” the company said. “Cyber ​​liability insurance can help prevent this.”

What should businesses do if they become a victim of identity theft?

In an Identity Theft Resource Guide for Businesses posted on its website, the Colorado Secretary of State sets out steps businesses should take if they become a victim of identity theft or fraud, and all information provided It added that it is applicable to business owners in the states. According to the guide, businesses should:

1. Visit the Secretary of State's website and submit a statement of correction to correct incorrect information. You have the option to attach additional information, such as a written description of the event. When attaching documents, please avoid including any personally identifying information.
2. Contact your bank and credit card provider immediately to report the theft.
3. Contact the credit bureaus and talk to their fraud departments to report crimes and check your business credit report.
4. Compare your EIN to the company's EIN and report any discrepancies to the credit bureaus.
5. Contact business creditors, billing companies, and creditors where fraudulent accounts were opened to notify them of the criminal activity. Request copies of all documents used to access your account.
6. Document contact information, including name, title, phone number, and extension. Please include the names and numbers of all law enforcement officials you will contact. If you move around a lot, ask the person you end up talking to for a direct phone number.
7. Follow up all calls with a letter (with return receipt attached). Follow up to make sure the government agency or institution has received all the necessary documents to assist you.
8. Stay informed. Don't throw away files related to identity theft. Store all notes, correspondence, email printouts, copies of reports, and other documents in a secure and accessible file.
9. Check your credit report.

As the threat of business identity theft grows, it is important for all businesses, regardless of size, to understand the real risks posed by identity theft and avoid serious financial losses and other potential damages. It is important to take the necessary precautions to prevent it.