Protecting Your Business from Identity Theft
Identity theft can have serious repercussions for businesses, from financial loss to reputational damage. It’s crucial for organizations to understand the risks and take steps to protect both their operations and the sensitive information of their customers and employees.
Common Ways Identity Theft Happens
Lost Wallet
If an employee loses their wallet, it can expose not only their information but also any business information they may have had inside.
Advise employees to carry only essential items and avoid storing passwords or access codes in their wallets. Also, set clear policies on the use of business credit cards.
Mailbox Theft
Stolen business mail can lead to fraud or even a redirection of important documents.
Use secure mail drop boxes and encourage the use of USPS Informed Delivery to monitor what should be delivered.
Using Public Wi-Fi
Unsecured public Wi-Fi can be used to steal sensitive information.
Limit the use of public Wi-Fi for business purposes. If necessary, require the use of VPNs and/or private hotspots for remote employees or staff working in public areas.
Data Breaches
Hackers can steal sensitive information by breaching company databases.
Encrypt all personal information shared with third parties or transmitted over your wireless network. Regularly monitor data access and implement data loss prevention systems.
SIM Card Swap
Fraudsters may gain control of an employee’s phone number, intercepting calls and texts.
Implement multi-factor authentication (MFA) on critical systems, use authentication apps, and require PINs or passwords for employee mobile accounts.
Phishing or Spoofing
Scammers may pose as legitimate businesses via email or phone to trick employees into disclosing personal data or company information.
Train employees to avoid clicking on unfamiliar email links. Advise them to never disclose sensitive information without verifying the identity of those requesting it. Always verify unexpected requests for payments, account changes or information via a callback to a known, trusted phone number. Remember, your financial institution will never reach out to request sensitive information in this way.
Skimming
Card information can be stolen at payment terminals and ATMs using hidden skimming devices.
Use cards with contactless or chip technology, pay inside whenever possible, and set up alerts to detect unauthorized transactions on company cards. If your business has payment terminals, regularly inspect them for evidence of tampering.
Shoulder Surfing
Fraudsters can steal information simply by watching employees key in sensitive data – either in person or via camera.
Encourage employees to be mindful of their surroundings, shield keypads when entering passwords, and avoid working on sensitive documents in public.
Malware
Opening suspicious email attachments or visiting malicious websites can install malware that compromises business data.
Train employees to avoid unknown email links and attachments. Use updated antivirus software and strong firewalls to protect business systems.
Additional Best Practices for Preventing Identity Theft
Use Strong, Unique Passwords and MFA
Reusing common passwords across accounts increases the risk of identity theft. Use a password manager to create strong, unique passwords for each account, and implement multi-factor authentication (MFA) for an added layer of security—especially on sensitive business and financial systems.
Encrypt and Limit Access to Sensitive Data
When sharing data with trusted parties, ensure the confidentiality of personal and sensitive business information by using encryption. Limit access to sensitive data to employees whose roles require it, using role-based controls and regularly auditing data access logs to enhance security.
It's also important to only retain information for as long as it is necessary. Dispose of records containing sensitive information securely, whether through shredding or data wiping.
Go Paperless
Minimize the use of paper documents to reduce the risk of physical document theft or unauthorized access. Digitize records wherever possible, storing them securely in encrypted digital storage solutions with restricted access. For paper records or physical mail that are necessary, make sure they are properly safeguarded and securely shredded when no longer needed.
Regular Employee Training
Conduct regular training sessions for employees on best practices for handling sensitive information, phishing awareness, and data security measures. Ensure employees are up to date on how to recognize fraud.
Steps for Identity Theft Victims
If you are impacted by business identity theft, it is critical to take immediate action:
- Contact your bank immediately to close any affected account.
- File a report with local law enforcement to document the identity theft.
- Contact the credit reporting agencies to add a fraud alert to your personal and/or company accounts.
- Report the incident to the Federal Trade Commission (FTC) at IdentityTheft.gov or by calling 1-877-438-4338.