Protecting Your Business from Identity Theft
Business are facing increased attention and attacks from identity thieves. Businesses that are not keeping up with the threats are more susceptible than the ones that are staying informed and taking action. Here are actions your business can take to protect your business from identity theft, fraud and cybercrime.
- Review your business's commercial banking agreements. Business banking accounts have a higher fraud liability than personal banking accounts. They also have less time to report fraud and are not as well protected. It's not uniform, either; some banks amend their commercial banking agreements to reduce their fraud protection even further.
- Don't mix business and personal. Finances, that is.
- Make sure you have authentication controls in place for electronic and wire transfers. Most such frauds are not discovered quickly enough to stop them, and once they go through they're usually difficult to recover.
- Have someone review your accounts often, even daily, to look for suspicious activity. Report any discrepancies, even small ones. Thieves will often test an account with a small charge to see if it goes unnoticed before making a bolder move.
- When you're accessing your online accounts, use one computer with beefed-up security. Have it loaded down with antivirus programs and as much malware and spyware detection as possible, and not just the free stuff; invest in making it super-secure. Make sure all the passwords used on it are very strong, with upper and lower-case letters, non-alphanumerics and numbers, with at least eight characters. Don't use the same password anywhere. Don't access these accounts on any other computers or devices.
- Make sure all your business checking supplies are on lockdown. That includes paper checks, deposit slips, endorsement stamps, account records and anything else that gives any information about your bank accounts. Shred any documents that you don't need anymore, but contain any sensitive information.
- Be on the lookout for phishing scams. Know that no legit email is going to ask you to send sensitive information like a Social Security Number or account information of any kind. Don't click links or open attachments that are sent to you.
- Set up a Google Alert for your business to quickly find out if a thief might be using your company's name for nefarious purposes.
- Use Positive Pay, a system that lets banks verify paychecks against a list you send them.
- Be as careful with your EIN as you are with your Social Security Number.
- Thieves look for businesses that are lax in filing annual reports and updates because it shows them that the business probably doesn't keep close tabs on their information.
- On that note, see if your Secretary of State has an email alert service. This lets you know when any of your business information has been changed, which can act as a fraud warning for you. It's free in the states that do offer it, so there's really no reason not to enroll. If your state doesn't offer email alerts you should do a manual search from time to time to make sure nothing has changed.
- Thieves will sometimes use trade and credit references to pass themselves off as a representative of a business. Ask your references to let you know if someone contacts them about your business.
- Make sure your employees are trained on and using best security practices. Make sure they are in the loop with phishing scam tactics, that they're using strong passwords and that they know any applicable security protocols your company uses.
- Double-check any large or unusual order, particularly from a new account. Contact the buyer directly if you have any questions about the veracity of the order.
- Many online payment gateways offer fraud protection, like requiring a zip code and CVN with a credit card payment. You should make sure these options are enabled.
- If you are letting any online services expire, make sure all the information on them is removed prior to expiration. For example, if your domain name is going to expire, make sure you delete everything from the website it was associated with.
- Add domain privacy to any domain names. The WHOIS information contained in registering a domain can come in handy for a identity thief.
- The bottom line is: BE ALERT. Look for suspicious activity online, in your accounts, mis-addressed business mail, strange deliveries, suspicious activity. It may sound paranoid, but thieves thrive where little things go overlooked.
We can help make sure your business is doing all it can to avoid cybercrime, from hacks to identity theft. Contact Petronella Technology Group to set up a free consultation.