Your small business is at higher risk of identity theft than you realize.
Why would someone steal the identity of a business entity? The thieves can use the business’ credentials to open lines of credit, purchase high valuable resaleable goods, make a tidy profit, and then disappear. In fact, it’s often easier to gain access to credit via a business identity than trying to charge thousands of dollars to an individual’s credit card, which are typically protected by monitoring programs and stop-loss protections. Often, all it requires is information that is already publicly available and widely distributed, like your federal tax employer identification number (EIN).
Think your small business is too small to attract such unsavory attention? Remember, according to a Verizon Report, nearly two-thirds (59%) of data breaches targeted small businesses. Bad actors know that small businesses are often understaffed and under-skilled for dealing with these kinds of threats.
Similarly, the IRS reported a 250% increase in the incidence of business identity theft between 2016 and 2017. The raw number of corporate tax returns flagged for potential business identity theft in 2015 was a measly 350. In just the first half of 2017, it was 10,000.
What can you do? Thankfully, many of the best practices for small businesses to protect themselves echo recommendations for individuals, making them straightforward to apply.
- Sign up for alerts and account monitoring from financial institutions. As with personal financial accounts and credit cards, it’s usually possible for businesses to set custom alerts if credit charges are made over a certain amount, to limit the amount of cash that can be withdrawn in any one day, etc.
- Check credit reports and financial accounts regularly. Small businesses can be particularly susceptible to missing red flags and indicators of fraud, particularly if the owners are trying to do everything themselves. However, it’s critical to stay on top of the business’ financial status at all times. The faster you identify fraudulent activity, the sooner you can put a stop to it.
- Avoid disclosing sensitive business information. It’s easy to treat the EIN like it’s less critical to keep secret than an SSN, but this is not true. The EIN is incredibly valuable information for thieves, who could use it to file a false tax return in a business’ name.
Don’t forget employees. One issue that hits businesses more than individuals: your surface area for attack is much wider, thanks to your employees. According to a survey from Shred-it, an information security company, employees are the weakest link in business security. Employee negligence and error were behind 47% of corporate data breaches. That means you need to take proactive steps to shore up employee behaviors. Educate them about security protocols and how to identify common attacks, like phishing (fraudulent emails that look like the real deal, requesting sensitive information used to hack organizations). You might also disallow personal devices to be used with work information, or require security controls, like passwords.
CoAdvantage, one of the nation’s largest Professional Employer Organizations (PEOs), helps small to mid-sized companies with HR administration, benefits, payroll, and compliance. To learn more about our ability to create a strategic HR function in your business that drives business growth potential, contact us today.