How to prevent business identity theft

| Business Briefs, Business Miscellaneous

(Part 3 of 3 in the Business identity theft series)

Business identity theft is one of the newest threats to businesses across the country.  Once a business’ identity has been compromised, the criminals can go on a spending spree buying electronics, office equipment, gift cards, liquidating lines of credit or opening new lines, filing fraudulent tax returns and more.  In severe cases, businesses have even had to close their doors because of insolvency caused by these criminal activities.  It takes vigilance and proactive steps to combat these criminals.

The best way to minimize the threat of this happening to your business or organization is by addressing any weaknesses in your security practices.  Both physical security and cybersecurity must be considered.  This dual approach provides the best protection against a growing threat.

From the physical security front, the following steps are recommended:

1)   Protect company documents by limiting their access to only authorized personnel. Keep them in a secure environment and shred before disposing of them.

2)    Never provide your business’ Employer Identification Number (EIN) unless you made the initial contact.  Protect it like you would your Social Security number.  Part 2 in our business identity theft series discussed how your stolen EIN # could be misused.

3)    Annually monitor business credit reports with the credit bureaus:  Dun & Bradstreet; Equifax; Experian; and Transunion.

4)  Review your commercial banking agreements.  Know your bank’s policies for fraudulent transactions and how it would impact your business’ liability.

5)    Consider online banking.  It provides the opportunity to daily monitor your accounts and quickly discover any fraudulent activity.  Make sure you use strong passwords.  Also consider email or text alerts for real-time notification of banking activity.

6)    Keep all banking and checking supplies in a secure location and only accessible by authorized persons.

7)    Review banking statements as soon as they arrive.  Even the smallest transaction could be fraudulent.  Criminals commonly start with small purchases to see if the transaction is caught before graduating to larger purchases.

8)    Keep your company and personal finances separate.  Most banks and credit card issuers exclude business-related purchases made with a personal card from their “100% fraud protection” guarantees.

9)    Annually check with your Secretary of State to ensure that your business entity’s details are current.  Update changes as soon as they happen.

From the cybersecurity side, consider the following practices:

1)    Have your server in a locked room with access only for authorized personnel.

2)    Install a security system with monitoring.

3)    Install both hardware and software firewalls.

4)    Encrypt your data.

5)    If your employees take their laptops outside of the office, encrypt their hard drives.

6)  Use strong passwords with 8+ elements including upper and lowercase letters, numbers and characters.  Update them once per quarter.

With the sophistication of technology and the progress at which it is improving, implementing effective security systems is a necessary cost of doing business.  While there is no such thing as a system that cannot be hacked, many criminals who desire profit won’t waste time or resources going after a difficult target; instead, they will move on to easier ones.

Business identify theft, like most kinds of fraud, thrives in an environment of complacency.  Part 1 in our business identity theft series discusses how your company could fall victim to identity theft.  To avoid the potentially devastating repercussions of it, you need to take proactive steps to combat these criminals.

For guidance and more suggestions regarding how to protect your business, contact Alerding CPA Group at 317-569-4181 or visit our website:

What should you do if your businesses’ identity is stolen?  Victim Action List.