Identity theft: keeping fraudsters at bay

(Image credit: Shutterstock / GoodStudio)

By now, businesses are well aware of the standard cyber security protocols surrounding passwords, the importance of sharing data securely, and so on. Yet, identity theft and fraud are still prevalent problems for companies across every industry.

Identity theft is a criminal act whereby an individual or a business’ identity is illegally assumed for fraudulent activity and illicit economic profit. If the stolen identity is adopted and used, this then amounts to identity fraud.

What can you do to keep your business safe?

Far from being a problem reserved only for the individual, more giant corporations are also at a heightened risk of being targeted by identity theft criminals. This is because many big organizations have sizeable bank accounts and high credit limits and make regular transfers of substantial sums of money — making it significantly easier for cyber criminals to hide their illicit pursuits.

You would think that the latest revision of the GDPR would set cybercriminals back and diminish the scope of online details — and it has. Still, it has undoubtedly become easier over recent years for identity thieves to obtain company information.

Information about organizations and their employees is readily available on business websites, companies like Companies House, and social media platforms like LinkedIn. Unfortunately, these are the first places cyber criminals will look. For example, through Companies House, fraudsters can illegally file false documents to trade under your business’ name and existing reputation.

Details of company credit cards or bank accounts could also be stolen and sold on the online black market, known as the ‘Dark Web.’ And once that information gets into the wrong hands, cybercriminals could cause irreparable damage before you’ve even detected the details have been stolen.

As well as this, fraudsters may attempt to distribute seemingly legitimate phishing emails to employees to gain access to company information such as bank details or confidential announcements, which, if released early, could affect stock value.

It is also not uncommon for emails riddled with viruses to be circulated in the workplace accidentally. Through such malware, hackers could gain access to your company’s internal systems, and once they’re in, it can be challenging to force them out.

Corporate identity theft can, therefore, have detrimental consequences for your business. If you fall victim to identity theft, your company’s finances, confidential information, and reputation could all be at risk – and depending on the severity of the crime and financial losses, you could suffer irreparable damage.

Prevention is better than cure

Identity theft can often lead to catastrophic financial losses, paralyzing your business. As such, all companies should take out cyber insurance — no matter how big or small or in which industry they operate. No sector is safe from this type of cybercrime, but cyber insurance can cover you and help to keep your company protected.

It is worth noting that financial loss which stems directly from a fraudulent act is often not covered by a standard cyber insurance policy, so it is essential to check how inclusive your plan is. However, many cyber insurance companies offer cover for fraud and financial crime as an add-on to your basic policy.

However, although cyber insurance is a worthwhile investment, prevention is better than cure. The chances of experiencing a breach are much slimmer if the appropriate processes and software are implemented within your business. So, investing in up-to-date cyber security solutions is paramount to evading identity theft and fraud. Some critical measures that could help prevent identity theft include encryption of employee data, installing firewalls, automated system updates, and using robust total endpoint security solutions (more than just antivirus software).

Educating staff on the importance of not divulging sensitive data to unauthorized third parties is also essential. Remember, time and time again, people have proven to be the weak link in corporate security chains. Often, this is down to careless mistakes rather than malicious actions, so it is vital to teaching employees what to look out for and what to do if they suspect a communication could be suspicious.

It is also advisable to partner up with a trusted IT specialist or consultant who is uncompromising regarding cybersecurity. This specialist should help you identify any cyber security issues or threats — whether a lack of processes, poor compliance, inadequate staff training, or failure to make the best use of advanced technologies — and then work with you to remediate the issues that have been identified. They should also be able to offer continuous advice and access a wide range of technology solutions to ensure your company is protected from all angles.

Richard Menear is the CEO at burning.  His specialises are in operational risk management and has held senior positions in a number of global financial institutions. He is responsible for the overall management and day-to-day running of Burning Tree, where he supports the directors in the delivery of their assignments and on the development of the consulting practice in the field of information risk management.