What You Need to Know:
Much like individuals, businesses can be victims of identity theft. However, unlike personal identity theft, it is often unclear how a small and medium-sized business (SMB) can recover from the financial and reputational impact. Business identity theft occurs when criminals impersonate a company to target its funds, file fraudulent tax returns, take out loans or apply for lines of credit — all for financial gain.
Business identifiers such as Employer Identification Number (EIN), Creditsafe Safe Number, D-U-N-S Number or corporate credit card number can be obtained as the result of a data breach. Such breaches could be from someone targeting your business directly or a third-party breach (where your business data is stolen when someone you do business with is breached).
Not only have 52% of SMBs experienced a cyberattack in the last 12 months. The average cost of a cyberattack for SMBs reached $2.9 million in 2021, an increase of 26.8%.
While no one can fully prevent a data breach, it is crucial to recognize the signs that your business identity is at risk. From there, it is vital to know the appropriate steps to take to protect what you’ve built.
Signs and Consequences of Business Identity Theft
Criminals can target your sensitive business information through scams such as phishing emails, W-2 scams, delinquent utilities, office supply scams and more. Identity thieves are continually revising their methods to get their hands on this data, as the payoff from business identity theft can be much greater than individual-focused scams.
With so many employees working remotely, cybercriminals have taken advantage of the recent shift to work from home. After all, it may not seem unusual to get an email from “the IT department” asking for password or account information.
The FTC has identified seven types of scams targeting employees, putting both employees and businesses at risk:
- Public Health Scams
- Government Check Scams
- Business Email Scams
- IT Scams
- Supply Scams
- Robocall Scams
- Data Scams
It’s important to share information about such risks within your organization so employees know how they may be targeted. Every employee is a gatekeeper that could provide an entry point to your business systems — Stanford University researchers found that human error accounts for the majority of data breaches.
Cybercriminals often target SMBs because they can have large account balances, higher credit limits and serve as a gateway to the data of larger companies. SMBs also have fewer data security capabilities and lack the resources to investigate such incidents.
As a small business owner, the financial impact of identity crime may result in not being able to fund payroll or pay your taxes, bills, and suppliers — all of which can negatively impact your business’ credit score. Beyond an SMBs own financial accounts, business identity theft can result in reputational damage, operational disruption and regulatory actions.
There are five major signs that may signal that your business has been targeted by identity thieves:
- You receive a rejection notice from the IRS claiming a return was filed using the same Employer Identification Number (EIN) or receive an unexpected tax transcript.
- You notice unusual charges made to your business account or receive bills for items your business never purchased.
- You find records of bank accounts and credit cards opened under your business’ name in your credit file.
- You receive notices from debt collectors for unknown purchases.
- You no longer receive expected business bills or other mail.
Seven Steps for Recovering from Business Identity Crime
Act fast and consider the following when recovering your business assets:
- Notify the appropriate government agencies, such as the IRS and FTC, and file a police report stating that your business is a victim of identity theft.
- Keep a record of all fraudulent activity and reports.
- Notify your vendors and suppliers if they are affected.
- Monitor your bank account statements and credit report for suspicious activity.
- Close any accounts that have been opened or tampered with as a result of identity theft.
- Consider protecting your business and employees with a business identity protection solution to counter the fallout of identity theft.
Identity theft can be a stressor for any small business, especially if you are unsure how to recover.
Tips to Protect Your Business Identity
- Update your security measures. From your antivirus software to business passwords, make appropriate updates to ensure all devices and accounts are protected.
- Encrypt your data. By using encryption, if fraudsters get a hold of sensitive personal or business information, it will be rendered useless.
- Remain vigilant in monitoring your accounts. Even after a case has been resolved, your business identity is still at risk. Continue to monitor your financial and credit accounts.
- Safeguard your employees. If your SMB is compromised, it can affect everyone attached to the company. Offering identity theft protection as an employee benefit will help alleviate the stress and loss of productivity.