It is vital to know how to protect your business and employees in a digital world that regularly provides new avenues of exploitation for criminals. Given that pandemic-hit 2020 saw cases of identity theft double in the USA alone—with nearly 1.4 million cases identified by the Federal Trade Commission (FTC)—the risk to businesses is clear.
In this article, we’ll outline how to avoid becoming a victim of identity theft, how to prevent security breaches, and educate others to do the same. For more ways to protect your business, check out our guide to the best identity theft protection.
Identity theft: How to prevent it happening to your business
The first thing to do when considering how to protect your business against the risk of identity theft - sometimes referred to as corporate or commercial identity theft - is to plan and prepare.
It’s hard to defend against an enemy that you know nothing about, so every business owner would be wise to read up on the latest ways in which those with malicious intent are stealing key data from businesses and using it to commit fraud.
In the USA, the FTC offers a range of materials to help individuals and businesses protect themselves against the dangers of identity theft and fraud.
Step 1: Implement offline protections
Certain offline security procedures may seem a little old school to companies well-accustomed to modern-day business practices such as cloud-based storage. But, unlike many successful businesses, not all criminals have assimilated themselves as comfortably into the digital sphere.
So while protecting against 21st-century problems like hacking and malware are obviously integral steps, it’s also true that a proportion of identity theft cases still emerge from instances where ‘non-cyber’ criminals have been able to steal or stumble upon sensitive paper documents.
To protect your business against this, try to avoid printing unless strictly necessary, and ensure that all banking correspondence is sent as digital statements rather than by post. As well as the environmental advantages, it’ll result in fewer opportunities for key documents to be lost, misplaced, or inadequately disposed of.
Of course, it’s not always possible to run a paper-free business. But where documentation must be printed, ensuring that your business has strict data protection protocols in place should prevent those documents ending up in the wrong hands.
Step 2: Staff education and protocols
Depending on the size and nature of the business, employees may regularly come into contact with sensitive information that is likely to be a security risk should it come into the possession of fraudsters.
Offering regular training should ensure that staff are clued-up on the risks and able to adhere to all security guidelines. In terms of cybercrime, education should revolve around common phishing scams, and about when and where it is appropriate to enter sensitive company data online.
For paper documents, providing employees with industrial shredders - accompanied by a policy that requires their use before disposing of paper documents - would be one effective offline example.
Similarly, for physical documents that need to be retained and archived (such as contracts or wills) in an efficient but robust filing system, implementing a staff access log is advised, listing which employees had access and when.
An efficient file access management system should be able to do the same job for access to digital assets, while device management software (such as Google Workspace’s Endpoint) allows businesses to lock or even wipe any registered employee devices that are missing or stolen.
Finally, employees working in accounts can be trained to review bank statements for unusual activity, or to set up bank alerts for high or unusual payments (many banks now implement this as standard).
Step 3: Use password managers
Staff training should also include the importance of choosing strong passwords, avoiding the use of personal information like birthdays or children’s names. After all, what’s easy to remember for a user is often easy to guess for a hacker.
To help employees choose strong passwords without worrying about how they’ll remember them, businesses can install top password managers that will automatically store all login data securely.
Step 4: Install a VPN
Using virtual private networks, or VPNs, will ensure more protection for your business network. By encrypting the connection between the network servers and the devices that access it, VPNs make it very difficult for cyber criminals to track your activity or access your data.
In an age when working from home has become mainstream, using VPNs is also especially prudent for individual remote workers needing access to the company’s internal network. Given that this connection is most likely to be made using a standard home internet service provider, it is unlikely to be as secure as a business’s internal network.
Step 5: Use protection software
With hackers constantly changing their techniques and methods for gaining access to digital places, it’s important businesses keep up to date with the latest protection software.
This means that, in addition to implementing IT best practice tips like regularly updating operating systems, businesses should aim to have the latest software for combatting everything from malware to ransomware and, of course, identity theft. The likes of Avast, Kaspersky and Webroot offer business-level antivirus protection, with leading features including file, web, and email monitoring; firewalls; and network attack blocking.
Meanwhile, quality software to prevent identity theft includes IdentityForce, Norton LifeLock, and ADT Identity Protection, which not only come with theft and credit alerts but also stolen funds insurance.
- Read our IdentityForce review
Now that you have your step-by-step guide to keeping your business safe from identity theft and other security risks, you should have all the information you need to get started on securing your company data, online and offline.
Don’t forget the importance of ensuring all employees are up to date on the ways in which to make your business more robust, and the latest ways in which criminals will try to access company data.