Shielding your business: 10 effective strategies to minimize the threat of identity theft

Identity theft has been a significant issue for a long time, and fraudsters are becoming more sophisticated in their methods. The ongoing pandemic has led to a substantial rise in fraud. Unfortunately, experienced criminals are taking advantage of the current confusion, and more people are resorting to fraudulent activities to make money.

Furthermore, businesses are also increasingly falling victim to identity theft. This can be as simple as scammers creating fake versions of a company's website, intercepting emails, or altering payment details.

It is crucial for small and medium-sized enterprises (SMEs) to have discussions with their customers and suppliers about the risks of fraudulent emails and cold calls that claim to be from their business. Since each business has different risks and potential exposure to identity theft, it is important to identify the hazards that your business and customers may face. You should determine the danger points and take adequate measures to mitigate the risks or prevent them altogether.

Ensure you're GDPR compliant

Please reread the rules and ensure all your employees understand what they mean. A data breach is the easiest way for fraudsters to access your information and customers.

Review your IT security

It is essential to have reliable antivirus software installed on all devices used by employees to access your systems, including mobile phones. If your business is at a higher risk of cyberattacks, it is recommended to consider using biometrics. Standard two-step authentication should be in place to access your server. Regularly remind employees who work from home of security basics, such as installing updates, creating strong passwords, and changing passwords on the internet hub. It is ideal to have passwords automatically updated regularly on your email system. Remember, there is no such thing as "unhackable," but it is worth hiring independent specialists to check your security and follow their guidance. This way, you can demonstrate that you have done your due diligence.

Plan effectively

Have a crisis plan in place. The aim should be to limit the damage to your customers and, therefore, to your business. The plan should ensure you can immediately inform customers of any breach (if you wait even a day, you will increase their exposure to identity theft). This is also a GDPR requirement.

Consider the blackmail and bribery risks

Fraudsters will target and tempt (with money or blackmail) your employees to steal and sell your customer data. Unfortunately, this is far more common than people realize. It is difficult to stop all the possibilities, but it will help if you have those ‘water cooler’ chats so that you’re aware of what is happening in the lives of your employees.

Be aware of internal fraud

Most internal theft is opportunistic rather than premeditated. You can mitigate this risk by ensuring you have internal controls, with no one person having sole access to payment systems. In addition, two-tier verification is vital for paying invoices, etc., to ensure nobody gets tempted to misdirect a payment or create fake invoices.

Keep control of your assets

Do you have a record of everyone who has access to your email system, website, and social media? If you don’t, it would be straightforward for an ex-employee to pose as you. So keep records and change passwords as soon as anyone leaves the company.

Share risks

If you suspect you have been targeted or have received a phishing email, this should be shared so others can be alert to the threats. In addition, keep an eye out for new scams by following police and other official bodies on social media.

Double-check by phone

One of the most common and simplest forms of identity theft is when the fraudster poses convincingly as a supplier (or an employee) and asks you to change ‘their’ bank details. Never send money in response to an email or a text, even from someone you know well. Instead, pick up the phone and check every time.

Be wary of cold callers

Never give out sensitive information to someone who has just called you unless you recognize their voice. Always phone them back, on the ‘published’ number, from a different phone (so they can’t pretend to answer your call).

Don't use public Wi-Fi

It is straightforward to set up an account that looks official. The fraudster will then be able to steal enough personal information to pose as you. If you have to use public Wi-Fi, check with a member of staff to ensure you access the right one; don’t check with another customer, as they could be sitting there waiting for someone like you to ‘help.’

Francesca has more than 20 years’ experience of working in the regulatory field, most recently in risk and compliance. She has worked across many sectors including gambling, legal, financial services and banking. Previous employers include Virgin Money and Leo Vegas Group. She is business banking app Amaiz’s resident expert in compliance, GDPR, fraud prevention, identity theft and money laundering.