Much of the information a criminal would need to open a credit card under your small business name is easily found online.
US Census Bureau data tells us that 99.7% of US employer firms are small businesses, accounting for 64 percent of net new private-sector jobs. And the largest amount of the nation’s money flows through small business accounts.
It’s why cybercriminals have turned small business identity theft into a big business. We hear about enterprise companies and data breaches – which are serious – but we don’t often hear much about the damage done to small businesses because of identity theft. Here are seven tips, but first, let’s look at why small businesses make such easy targets.
Small businesses – especially if they are incorporated or an LLC – make easy targets for cybercriminals. Much of the information is publicly available. It’s simple for someone interested in stealing a small business identity to find even critical tax information like EINs. The more information a hacker can find, the easier it gets to fish out the rest.
Why go after a small business instead of individuals? It’s where the money is. Cybercriminals want small business credentials for the reasons why these companies incorporate or form LLCs. A business can get credit cards and access to loans with higher limits than these financial institutions offer an individual.
While financial institutions continue to make it more difficult, the process remains relatively easy for a cyber-criminal.
- They find out the name of your company’s corporate officers.
- They request the company’s EIN from a variety of sources.
- Using this and other information available from public sources or human engineering, they open a business credit card account in the company’s name.
By the time a company discovers the unauthorized account opening, the cybercriminal has already maxed out the credit line ordering merchandise with high resale values. The small business is left with the bill and a ding to its credit rating.
Even worse, fewer business credit cards offer the security of stop-loss protection. It’s a common feature for consumer credit cards issued to individuals.
Plus, it’s easy for someone with the appropriate company information to update company information with the secretary of state website to change officer names, addresses, and the company’s registered agent. This allows them to get a certificate of good standing, which can easily facilitate access to even more of your company’s banking and credit information.
Right under your nose
Small Business identity theft is a common and growing occurrence. It’s difficult for financial institutions or enforcement organizations to track because businesses legitimately change officers, addresses, and registered agents all the time. The secretary of state websites basically acts as administrative resources, accepting and changing the information provided based on good faith.
This means that if your small business isn’t constantly monitoring activity and taking proactive steps to monitor your business identity, you’re setting yourself up for possible trouble. Here are 7 tips to help you stay ahead of small business identity theft:
1. Verify business information accuracy
Starting right now, set up a schedule to verify your business information regularly. Get it from the same place cybercriminals would. In most states, it’s available on the secretary of state website by searching your company name.
Does your small business file quarterly taxes? Schedule this information audit to coincide.
2. Keep state-required information updated
Would-be identity thieves often check to see how lax you are in filing information updates. If you don’t keep up, it signals to them that they’ll have an easier time because you’re likely not paying attention. You can show you’re not somebody to mess with by filing required company information changes as soon as possible.
Updating this information also generates notifications from the state, so you’ll signal to any cybercriminals eyeing your company that you’re paying attention.
3. Provide only required information
Does the state where you formed an LLC require you to disclose the members’ names? Don’t provide this information if it’s not necessary. Small businesses often over-volunteer unnecessary information that can be used by cybercriminals.
4. Set up email alerts from your secretary of state
Many states offer email notifications from the secretary of state website when a change is made to your company information. Sign up for this if your state offers this option. It is one of the most effective ways to monitor unauthorized changes that can indicate attempted identity theft.
5. Get a regular commercial credit report for your business
Anyone can request this information about your company, and for any reason. A regular scan of this report can uncover unauthorized actions. It also yields valuable information to you about what your company looks like to potential vendors or lenders if you want to apply for a business credit line or loan.
6. Sign up for credit reporting agency fraud alerts
TransUnion, Experian, and Equifax offer services to help businesses protect their credit ratings. Dun & Bradstreet also offers resources. All four of these organizations have extensive information on their respective websites that can help you decide how to use their services to alert you of unauthorized or fraudulent activity.
7. Watch what you post on your company website
Yes, you want to be accessible to customers by offering them information about you. Be careful, though, to limit the amount of what’s available to someone who searches for your company name.
A watchful eye
In addition to the above steps that largely take care of publicly-available information, it’s essential to protect your protected, sensitive data – including data about your customers – plus your machines and networks from more sophisticated cyber attacks. Malware (including ransomware) or phishing attacks are launched at smaller businesses at an increasing rate. In fact, 61% of small to medium-sized businesses were hit with some form of a breach last year, and the SEC declared that smaller businesses are now the main target for cybercriminals.
Fortunately, proper cybersecurity measures can drastically lower the possibility of a successful attack. Perimeter defense solutions, including a robust firewall, regularly updated anti-malware programs, and employee training that prevents phishing attacks, can go a long way toward protecting your company. A quality outsourced IT managed services provider can help you implement and maintain a defense plan that works.
To learn more about IT managed services and how to protect your data and hardware, contact Network Computer Pros for a free consultation.