Protecting Small Businesses from Identity Theft

Yahoo.  JP Morgan Chase.  Staples.  Anthem.  Home Depot.  Cyber-attacks on major corporations in recent years have become an epidemic.  This epidemic has compromised millions of consumers’ private financial and health information, and has cost businesses and consumers upwards of $400 billion a year.  A new trend gaining momentum with cyber criminals is stealing the identity of small businesses.  Criminals have found Business Identity Theft is easy, low-risk, and extremely lucrative.  Once thieves gain access to business information, this information can be used to access bank accounts, secure lines of credit, order merchandise, file fake reports with state agencies, reinstate a closed or dissolved business, and enact tax fraud. 

Could your business afford a $9000 shoe purchase made from a stolen business credit card, $200,000 of phone charges to Africa because of a hacked phone system password, a $500,000 shipment of seafood to a customer who never placed the order, or the sale of one of your buildings without your knowledge?  These situations are actual reported cases of Business Identity Theft, and there are, unfortunately, many, many more.

According to Kaspersky Lab, the average direct cost of a security breach or small business identity theft is $38,000, and surveys by BusinessIDTheft.org estimate there are 8 to 12 million business identity theft victims annually.  It’s estimated approximately 60% of small businesses victimized by Identity Theft go out of business within one year.  There have been many articles and news stories for consumers on how to protect themselves from being the victim of identity theft.  But, what steps can a business owner take to do the same?

Protect Business Computers and Networks.   Restrict the use of business computers to only business activities.  Educate employees how to avoid phishing scams and emails containing malicious viruses.  Install and regularly use anti-virus software and firewalls on local networks.  Secure the business’ wireless network by using a password.  Make certain the personal phones and computers of employees who use them for business purposes are password protected.

Keep Business Information and Identifiers Private.  Protect the business EIN as securely as a social security number.  Keep all documents containing business information in a secure location which is not accessible to unauthorized individuals. Shred old or unnecessary documents containing private or personal information.

Protect the Business from Fraudulent Orders – Use “Trust, but Verify”.  Be alert for large or unusual orders from unknown customers or companies.  Utilize fraud prevention services for online ordering of products or services.  Respond quickly to customer notifications of fraudulent orders.

Monitor. Monitor. Monitor.  Regularly check records. Monitor credit reports, business accounts, utility bills, and credit card statements.  Balance bank statements diligently.  Check the business information on file with the state agency responsible for housing that information and notify them of any discrepancies or unauthorized changes. Some states offer free email alerts to notify a business owner if the information related to the business changes

There is no guarantee even the most diligent owner’s business will not fall victim to the crime of Identity Theft.  If this occurs, immediately notify banks and creditors.  Report the occurrence to law enforcement and credit agencies such as Dun & Bradstreet, Experian, TransUnion, and Equifax.  Request copies of documentation used to access or open accounts.  Notify the state agency responsible for housing business information.

Businesses increasingly depend on electronic data and computer networks to conduct their daily operations.  It is important to take a pro-active, rather than reactive, approach to protecting a business’ identity.  Keep up with trends on preventing security breaches, consult with IT professionals, implement necessary network security practices, and discuss insurance coverage options designed to protect a business form identity theft with your commercial insurance advisor.