Risk of Identity Theft is a Costly Proposition for SMBs
Much like individuals, businesses can be victims of identity theft. However, unlike personal identity theft, it is often unclear how a Small and Medium-Sized Business (SMB) can recover from the financial and reputational impact. Business identity theft occurs when criminals impersonate a company to target its funds, file fraudulent tax returns, take out loans, or apply for lines of credit — all for financial gain.
Business identifiers, such as Employer Identification Number (EIN), Creditsafe Safe Number, D-U-N-S Number, or corporate credit card number, are often obtained as the result of a data breach, whether directly or via a third-party — meaning your business data was stolen when someone you do business with was breached. Not only have 66% of all SMBs experienced at least one data breach in the last 12 months but 60% of SMBs suffering a security incident close their doors within 6 months. And while no one can fully prevent a data breach, it is crucial to recognize the signs that your business identity is at risk, and from there, take the appropriate steps to protect what you’ve built so that a compromise doesn’t result in an even more devastating outcome.
Signs and Consequences of Business Identity Theft
In addition to data breaches, criminals target your sensitive business information through scams such as phishing emails, W-2 scams, delinquent utilities, office supply scams and more. Identity thieves are continually revising their methods to get their hands on this data, as the payoff from business identity theft is much greater than individual-focused scams.
Cybercriminals are taking advantage of new remote work circumstances during the COVID-19 pandemic by layering in the urgency around the coronavirus outbreak. And, with many employees working remotely, it may not seem unusual to get an email from “the IT department” asking for password or account information.
The FTC has identified 7 types of scams targeting employees, putting both employees and businesses at risk:
- Public Health Scams
- Government Check Scams
- Business Email Scams
- IT Scams
- Supply Scams
- Robocall Scams
- Data Scams
These are the 7 types of scams the FTC says are being used most effectively against businesses and their employees. So, it’s a good idea to share this type of information within your organization. Because, these types of scams can infiltrate business systems from many different entry points, and every one of your employees is a gatekeeper. Human error and failures lead to almost half of all data breaches, so it is really important that employees are aware of how they’re being targeted.
SMBs make attractive targets because of their large account balances and higher credit limits, and the networks they are a part of which provide a gateway to the data of larger companies. They are seen by fraudsters as easy prey as SMBs often have a minimum of data security and lack of resources to investigate such incidents. As a small business owner, the financial impact of identity crime may result in not being able to fund payroll or pay your taxes, bills, and suppliers — all of which can negatively impact your business’ credit score. Beyond an SMBs own financial accounts, business identity theft can result in reputational damage, operational disruption, and regulatory actions.
There are five major signs that may signal that your business has been targeted by identity thieves:
- You receive a rejection notice from the IRS claiming a return was filed using the same Employer Identification Number (EIN), or receive an unexpected tax transcript.
- You notice unusual charges made to your business account or receive bills for items your business never purchased.
- You find records of bank accounts and credit cards opened under your business’ name in your credit file.
- You receive notices from debt collectors for unknown purchases.
- You no longer receive expected business bills or other mail.
Seven Steps for Recovering from Business Identity Crime
Act fast and consider the following when recovering your business assets:
- Notify your financial institution and credit bureaus to freeze your business accounts immediately, deterring additional fraud from occurring.
- Notify the appropriate government agencies such as the IRS, BBB, FTC and file a police report stating that your business is a victim of identity theft.
- Keep a record of all fraudulent activity and reports.
- Notify your vendors and suppliers if they are affected.
- Monitor your bank account statements and credit report for suspicious activity.
- Close any accounts that have been opened or tampered with as a result of identity theft.
- Arm your business with Small Business Protection to defend your company and your employees from the fallout of identity theft.
Identity theft can be a stressor for any small business, especially if you are unsure how to recover its identity.
Tips to Protect Your Business Identity
- Update your security measures. From your antivirus software to business passwords, make appropriate updates to ensure all devices and accounts are protected.
- Encrypt your data. By using encryption, if fraudsters get a hold of sensitive personal or business information, it will be rendered useless.
- Remain vigilant in monitoring your accounts. Even after a case has been resolved, your business identity is still at risk. Continue to monitor your financial and credit accounts.
- Safeguard your employees. If your SMB is compromised, it can affect everyone attached to the company. Offering identity theft protection as an employee benefit will help alleviate the stress and loss of productivity.