6 Steps to Protect Your Business from ID Theft

For small- and mid-sized business owners, whose time and energies are dedicated to growing the company, data security often falls to the bottom of the list. But it shouldn’t. Protecting your business and your clients’ financial data is critical to averting the kind of disaster that could ruin your business’ success.

According to the IRS, business identity theft cases have increased from around 350 in 2015 to about 10,000 cases in 2017, potentially costing $137 million total. “Fraudsters are stealing as much as $1 billion a year from small- and mid-sized businesses in North America and Europe, and the numbers are only going to increase,” says Mike Gross, director of product innovation for global fraud and identity at credit reporting company, Experian. “Because the largest institutions have sophisticated fraud prevention solutions in place, the latest fraud attacks are looking to exploit the next tiers of businesses that are typically not as well defended.”
Entrepreneurs, freelancers, and businesses with fewer employees often have a lack of resources available for ID theft prevention. But there are several practical steps you can take to make it tougher for criminals to steal your business’ valuable information.

1. Operate with an Employer Identification Number

While a corporation or limited liability company must have a separate employer identification number (EIN) for tax identification purposes, a freelancer or small-business owner may operate as a sole proprietorship under his or her Social Security number, even if the business has employees.
It’s good idea for sole proprietors to use an EIN, which can be obtained easily through the IRS website. Keeping business and personal finances separate is a good idea for many reasons, including identity theft prevention. “That protects the business owner,” says Paige Hanson, chief identity education lead with the consumer business unit of Symantec. “If the business becomes a victim of identity theft, it won’t be tied to your identity.” To help keep finances separate, once armed with an EIN, you can apply for a business credit card to help track finances and detect fraud more easily.

2. Secure Sensitive Online and Offline Files

Your business may have several paper files such as bank statements, tax returns, and customer lists that hold sensitive information. Taking some basic steps to protect paper documents, such as using a secure mailbox, shredding any documents you don’t need, and keeping sensitive files in a locked area are all easy ways to decrease the threat of fraud.

To combat online digital fraud, make sure your computer systems have appropriate firewall, anti-virus, and anti-malware technology. Off-the-shelf security packages are usually sufficient for small businesses, and some products now offer protection that extends to mobile phones and other devices. Be sure to update patches in a timely manner by allowing automatic updates.

Also, check with your internet service provider to find out how it protects your data. Find out which third-party security vendors it uses, then check the vendors’ websites to learn how frequently they update their solutions and whether certain content types are protected.

3. Establish Good Internal Controls

It’s important to use passwords or otherwise restrict employee access to certain documents, such as customer lists or accounting files. Establish a clear protocol to follow in the event of a data breach, including assigning someone to manage the breach and outlining what actions need to be taken.Changing passwords at least once a quarter, using random password generators, and saving passwords offline on a jump drive are all ways to keep them away from internet hackers.

4. Ask Vendors About Their Information Practices

You may be asked to provide sensitive data on credit applications or other documents when you work with vendors. Ask about your vendors’ security practices to ensure you’re not putting sensitive data in the hands of a company that doesn’t adequately protect it.

5. Deter Device-Centered Hacking

The “bring your own device” trend – in which employees use their personal mobile phones and other devices for work – introduces extra risks to a business. Devices need to be password-protected to ensure that sensitive company information can’t be accessed if the device is lost or stolen.

Mobile payment solutions may increase security risks. “The risk is definitely real with mobile payment solutions, and account takeover fraud should be an immediate concern for small-business owners,” Gross says. He suggests that business owners closely protect their account credentials because a fraudster gaining access to that account could easily divert funds from legitimate transactions to another account.

If you’re considering using a mobile payment system, look for one that uses the best possible encryption methods and devices that require the highest level of authentication available.

6. Regularly Check Your Statements and Profiles

Keeping an eye on your accounts is one of the best methods of halting fraud before it gets out of hand.
BusinessIDTheft.org is a nationwide program from the Identity Theft Protection Association and the National Association of Secretaries of State to help combat business identity theft, data breaches, and other types of fraud.

According to the organization’s website, you can also use your state’s online Business Identity Search to enter your business name and review information about your business. Some states offer free email alerts to notify you when information related to your business identity changes.
It’s also a good idea to review your banking and insurance agreements to determine whether your business accounts have protection against fraud, which can differ from consumer protections.

Learn More About Protecting Your Business from Theft: Contact chamber partner Infintech for more information on how chamber members can get special pricing on payment processing.