Business identity theft is becoming a real threat to businesses. If you’ve ever had a credit card stolen or owned a credit card, you might be familiar with consumer fraud. However, that type of fraud involves the loss of an individual’s personal information, whereas business identity theft is typically a larger issue and can affect employees and clients alike.
What is business identity theft?
Business identity theft involves illegal impersonation of a business for criminal gain. Business identity theft can affect any business regardless of its size. No business is entirely safe from identity theft.
However, there is a considerable risk for small to medium businesses. Smaller businesses tend to have less sophisticated security systems, which could mean they are more vulnerable to attack.
What to look out for?
Here are some of the common scams that you should be wary of and keep an eye out for:
Invoices from Suppliers
Be wary of emails with invoices attached that claim to be for goods you have purchased. If you are not expecting an invoice from this supplier, then do not open the attachment. Also, whilst the email may look very similar to that of your normal supplier, it’s likely that the email address will be completely different. If in doubt, always call the supplier to double check or delete the email.
Emails from Directors and CEO
Another common scam is when an email appears to come from the director or CEO of the company asking for money to be transferred to an unknown account. Always be wary of emails that are marked as urgent and never divulge any sensitive information.
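The checks described for supplier invoices and director emails can be automated as a first pass. The following is an added example, not part of the original article; the allow-list, domains, names and sample messages are constructed assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed allow-list (constructed): trusted display name -> domain it really uses.
KNOWN_SENDERS = {
    "acme supplies": "acme-supplies.example",  # regular supplier
    "jane smith": "ourcompany.example",        # company director
}

def sender_warnings(raw, known=KNOWN_SENDERS):
    """Return reasons to phone the sender before acting on this message."""
    msg = message_from_string(raw, policy=policy.default)
    display, address = parseaddr(str(msg.get("From", "")))
    display, domain = display.lower(), address.rpartition("@")[2].lower()
    warnings, verified = [], False
    for name, expected in known.items():
        if name in display:
            if domain == expected:
                verified = True
            else:
                warnings.append(f"claims to be '{name}' but was sent from "
                                f"'{domain}', not '{expected}'")
    # An attachment only matters when we cannot tie the sender to a known domain.
    if not verified and any(part.get_filename() for part in msg.walk()):
        warnings.append("attachment from an unverified sender")
    if "urgent" in str(msg.get("Subject", "")).lower():
        warnings.append("marked urgent")
    return warnings

def build_sample(sender, subject, attachment=None):
    """Build a constructed sample message as raw text, the way it would arrive."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "accounts@ourcompany.example", subject
    m.set_content("Please action the request below.")
    if attachment:
        m.add_attachment(b"constructed sample bytes", maintype="application",
                         subtype="pdf", filename=attachment)
    return m.as_string()

# Constructed samples: lookalike supplier, fake director, genuine supplier.
SPOOFED_INVOICE = build_sample('"Acme Supplies" <billing@acme-supplles.example>',
                               "Invoice 1042", "invoice.pdf")
FAKE_DIRECTOR = build_sample('"Jane Smith" <jane.smith@freemail.example>',
                             "URGENT: transfer needed today")
GENUINE_INVOICE = build_sample('"Acme Supplies" <billing@acme-supplies.example>',
                               "Invoice 1043", "invoice.pdf")

if __name__ == "__main__":
    for raw in (SPOOFED_INVOICE, FAKE_DIRECTOR, GENUINE_INVOICE):
        print(sender_warnings(raw) or "no warnings")
```

This only catches a familiar name paired with an unfamiliar address. A message that forges the exact supplier domain in the From header passes it, so that case depends on the mail gateway enforcing SPF, DKIM and DMARC.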
Microsoft Office 365 password reset / Apple ID
Scammers also create very convincing emails claiming to be from Microsoft 365 or Apple, asking for your password or Apple ID to be changed. Or they ask you to click on a link to verify your account, and once the link is clicked it takes you to a page where you log in. By changing your password or clicking on the link to verify your account, you are providing the scammer with your password, and subsequently they can access your Microsoft or Apple account.
What to Do If You Suspect Your Business’ Identity Has Been Compromised
The steps to follow if you think your business’ identity has been compromised are very similar to the steps you would take if your personal identity was stolen:
- Contact the police and file a police report
- Contact all of your banks and credit card issuers as well as anyone else your business may have credit with
- Speak to the fraud department in credit reporting agencies and place a fraud alert on your accounts.
Just like personal identity theft, cleaning up your business’ accounts can take a long time. Unfortunately, the damage to a business can be even more severe than to an individual, so it is important that you protect your business’ identity.
How to protect your business against identity theft
- Ensure that you invest in the best security solutions your business can afford, including:
  - Email security, including URL protection and attachment protection
  - Ransomware protection
  - Mobile protection
  - Email encryption
  - Device encryption
  - Two-factor authentication
- Ensure you adopt a secure and strict password policy which all your members of staff have to adhere to:
  - Avoid choosing obvious passwords (such as those based on easily discoverable information like the name of a favourite pet)
  - Please do not choose common passwords (such as “password”)
  - Please do not use the same password anywhere else, at work or at home
  - A minimum password length of at least 8 characters
  - Can be based on 2 completely random words
  - All 3 of the following: 1 upper case, 1 special character, 1 number
  - An example of a password that meets these requirements is: Clockfootb8!!
- Follow security best practices:
  - Strong firewall
  - Ensure strong passwords are used as above
  - VPN for outside access
  - Ensure you follow the 3-2-1 backup method
  - Schedule virus and malware scans
  - Ensure Windows updates and other software updates are completed correctly
  - Secure all wireless connections
  - Limit software installations and admin rights to employees
- Ensure your staff are fully trained in what to look out for in terms of ransomware and phishing attacks. There are training solutions available such as Sophos Phish Threat. Sophos Phish Threat educates and tests your end users through automated attack simulations, quality security awareness training and actionable reporting metrics.
If you would like to discuss anything mentioned about identity theft please get in touch with our team.