Business owners are constantly hearing about the threat of identity theft, but would you know what to do if you were a victim? Would you feel confident you could act swiftly to minimize any damage? For many entrepreneurs, the answer is no.
According to Javelin’s 2020 Identity Fraud Survey (opens in new tab), this type of crime affected 13 million American consumers during 2019, and the total losses stood at almost $17 billion. Once a hacker has access to your business’s information or the personally identifiable data (PID) of your clients, they can buy goods illegally, take out a new line of credit, or even claim a fraudulent tax refund.
Even if you have one of the support packages discussed in our guide to the best identity theft protection, there are further steps you can take if your business’s data has been compromised.
Identity theft: What to do to make sure your business is prepared
It took the average victim of a data breach 280 days to detect the crime, according to data from IBM (opens in new tab). More than any other, this statistic highlights the importance of acting quickly if you are a victim of this type of crime. However, the most effective actions you can take when it comes to identity theft and what to do about it are, in fact, preventative.
As you probably know, identity thieves often gain access to their victims’ data by rifling through their garbage or stealing their mail. It’s therefore essential you carefully dispose of any correspondence containing your personal details.
With many cases of identity theft taking place in cyberspace, it’s also crucial to take all the precautions you can to secure devices in your home and work networks against data breaches. It perhaps goes without saying that the principal step you should take is to routinely change the passwords on all your online accounts, ensuring you use random strings of numbers and letters.
As well as installing robust antivirus software, you might want to select a package that offers a VPN: a virtual private network, which will keep your details anonymous when browsing the internet.
Step 1: Contact the relevant fraud departments
If you suspect you’ve been a victim of identity theft, the feelings of stress and anxiety can be overwhelming. Luckily, most banks and credit card companies offer dedicated fraud departments, with specially trained advisors who can help you deal with these matters.
Contacting these departments should be your first port of call if you suspect you have been a victim. The first step the bank or credit card company is likely to take is to freeze your account, cancel your cards, and work with you to change your security details.
Even if you don’t have access to any paper statements about your account, you should be able to find the relevant phone numbers online. If information such as your Social Security number has also been used in the fraud, you may also want to notify the Internal Revenue Service.
Step 2: Notify your threat protection company
If you have identity theft protection, the next step you need to take is to report the matter to the company that provides your policy. As a part of their services, these providers will work to restore the affected accounts, which should dramatically reduce the amount of stress you experience.
These services often involve freezing your credit, cancelling any cards that have been issued, and arranging replacements. Depending on the policy you choose, the company may also cover any legal costs associated with the crime.
Step 3: Report the crime to the police/FTC
As a victim of identity theft, your first priority may be to limit the damage to your finances and future credit. However, you shouldn’t forget that identity theft is also a serious crime, and you should file a report with your local police department. As well as alerting the authorities to the crime, doing so can create a paper trail in the event of further investigation into the fraud.
You should also report the matter to the Federal Trade Commission (FTC), which monitors data on identity theft. As well as working with government agencies such as the FBI, the FTC can work with you to create a personalized recovery plan.
Step 4: Run a credit check
If you discover your PID has been stolen, there is a strong chance that more than one account will have been affected. The most effective method of checking for anomalies with your data is to run business credit checks with Equifax (opens in new tab), Experian (opens in new tab), and Dun & Bradstreet (opens in new tab), which are the three major credit reporting bureaus.
You should also consider running a check on your personal finances. In order to do so, you should consult Experian and Equifax, as well as TransUnion (opens in new tab). As a part of this process, you can ask for a fraud notification to be added to your file, which will notify potential borrowers checking your credit that your identity has been stolen in the past.
Step 5: Gather evidence
While you’ll no doubt be feeling overwhelmed as a result of the crime, it’s a good idea to provide as many details as possible about your business’s account when contacting the relevant fraud departments. It also helps if you can thoroughly explain the reasons you believe you have been the victim of fraud.
You’ll also be in a stronger position if you can provide a record of your activities during the period in which the fraud occurred, in order to demonstrate you could not have committed the theft.
Step 6: Get everything in writing
If your suspicions prove correct and you have indeed been the victim of identity theft, you may - in a worst-case scenario - struggle to prove you haven’t taken out certain loans, and find yourself pursued for debts you don’t owe.
Whenever you speak to a company representative over the phone, you should keep a note of the employee’s name and the time of the call. It’s also worth sending a follow-up email to confirm the details of your conversation, and request a confirmation of receipt from the company.
Step 7: Seek specialized legal advice
If you can afford to do so, it’s essential you contact a lawyer who has specialized experience in dealing with this type of crime. However difficult it may be for you to accept, the companies involved in the fraud may not automatically believe your version of events, and you may find yourself a suspect. In another major plus point, your lawyer may be able to deal with your alleged creditors on your behalf regarding the identity theft and what to do about it.
Step 8: Notify affected clients
As a business owner, you’re likely to be in a position of trust in which your clients enter some of their PID into your systems. Should you fall victim to a data breach, this means it isn’t only your data that could be at risk.
If your clients’ information has been compromised, you should let the affected individuals know as soon as possible, so they can take appropriate steps in order to minimize damage to their own identities. As such an incident has significant potential for reputational damage and also potential legal implications, it’s wise to take legal advice if your clients’ data has been stolen, as well as consulting your own PR department, if you have one.
When it comes to identity theft and what to do about it, your first instinct may be to panic as you struggle to determine what to do next. Fortunately, there are numerous steps you can take to minimize damage, and get your company’s finances in order.
One point to bear in mind is that you needn’t wait until your business’s data has been compromised to follow certain good hygiene practices in cyberspace, such as regularly changing your passwords and purchasing identity theft protection software. However much of a cliché it may sound, the best offense against identity theft could be a good defense.
To learn more, read about why businesses lacking IT flexibility get left behind.