If we don’t act now, tomorrow we all will be victims of identity theft.
Privacy and security of personal information has been challenged lately. Identity theft showed no signs of restraint. Personal and Business Identity Theft is still rising. $221 billion is lost every year in Business Identity Theft. Assuming ones identity can open the doors to potential frauds, identity abuse and financial gain. A criminal act of Identity Theft has increased in the digital world. The traces of information are easier to follow when the criminals know where to look.
Collecting the data from social media platforms, email spoofing, email phishing and use of brute force to penetrate the computer system are common threats. Stolen information can be sold on black market, used for tax refund, and other financial benefits.
After the outbreak of Tax Refund Identity Theft, government has decided to review all the applications. Which according to security researchers will have effect on businesses. The simple reason being hackers are hunting for big scores. Logical trace of circumstances is for hackers to switch from attacks on Tax Professionals to Business Identity Theft.
Why do the attackers go after businesses?
The size of the business is of no importance small, medium or large, each has a value. Attacks on the businesses are never random, they are calculated and planed depending on the security level of the network. Some of the reasons are accessibility of data, location is appealing or there is a market for the information stolen.
Business Identity Theft is in its core similar to Personal Identity Theft. Posing as a certain individual thief can abuse the victim’s identity to either use medical care, file for financial benefits, open a credit card or bank account. The similar case applies for Business Identity Theft, assuming the companies employee or CEO identity, thief can:
- Abuse company owners identity
- Abuse company person identity who is authorized to sign documents
- File for credit and leave company with large debt
- Open a bank account and transfer resources to another account.
- File for business tax refund which makes it a larger financial sum comparing to personal Identity Theft.
- Making fraudulent orders on merchandise or other items.
- Steal and sell list of company employees personal identifiable data
- Steal and sell owners identifiable data
- Steal and sell intellectual property of the company.
Small businesses suffer a lot of scam. If they do not own intellectual property, the criminals will attempt money robbery. Majority of them never survive the attacks, due to loss of resources, credibility, and reputation. Some of the common scams on all businesses include email scams.
Phishing scam. As in all other cases, phishing scam will imitate legitimate client or partner, or any other company that business deals with. In the email there will be attachment or link. This will install the malware and give criminal access to the data base of employee information as well as of the clients. Individual cost of Identity Theft for employees or clients costs the business $15,000 according to the Aberdeen Group.
Protecting the Company
Any of the measurement of precaution apply to small, medium and large businesses alike. Avoiding doing business with companies that are not reputable is a good start. Some companies have weak security systems and a large data base easily accessible. The weaker the protection the more easy the breach. The easiest way is to check web site certificate. Which means depending on the web Browser there should be a pad lock next to URL to signal that the company has encryption system.
Additionally, it starts with employees, educating them to protect themselves they will protect the company:
- Inform them to make passwords complex.
- Not to give usernames, passwords or codes to anyone
- Not to open attachments and links
- Not to install or connect non-company software or hardware to working computer without permission of IT sector.
- To report any suspicious occurrence to the IT department.
On the other hand, the security network of the company has to be as high as possible for the employee habits to take effect on organization in general.
- Implement multi-layer protection system,
- Establish rules for IT department,
- Use firewalls,
- Update security software,
- Change default manufacturer passwords on each software,
- Track, archive and log any successful prevention of data breach
- Backup your data regularly
- Some large companies practice storing secondary backup in different location.
No matter the size any business is in jeopardy of Identity Theft. The larger the business the larger the price for thieves. It is not just an organization it is the amount of people working inside the walls. Each identity is worth something, and if it is lost due to companies negligence the financial damage will be even greater than the one thieves made. Protect your property by taking action.