Identity theft, whether it involves businesses or individuals, is all about information. Criminals can’t hijack a business or impersonate someone without it.
That means anywhere information is stored is potentially valuable to an identity thief. In fact, that’s why cybercriminals are always trying to steal customer data from retailers. Those databases are gold mines for crooks who want to impersonate individuals.
Likewise, Secretary of State websites, with their lists of registered businesses, are equally valuable to identity thieves looking to hijack businesses.
But databases and websites aren’t the only places where criminals can find critical information about your business. Savvy identity thieves know they can learn everything about your business without ever touching a computer.
How? you ask. By talking with your employees.
Your employees have access to valuable information
Identity thieves don’t care how they get information about your business. If they can skim the necessary data points off a government website, great.
But people hold information, too. Or the thieves can look it up.
That means every person who works for your business is a potential leak – a potential entry point where criminals can access information. And identity thieves know it.
So, if you’re worried about identity theft, everyone involved in your business needs to be educated about it.
Identity thieves are tricky
The most important thing you can teach your employees is how criminals try to trick businesses into revealing critical information.
The most common way they do it? By posing as one of your customers.
Identity thieves might call your office, acting as though they’re interested in buying your products or services. During the call, they’ll ask seemingly innocuous questions, plumbing for information about your business, such as your Employer Identification Number.
This strategy frequently works because the thieves are charming and sound innocent. But it’s one of the easiest ways for thieves to acquire the information they need to steal your company.
So, what’s the solution? Training your employees to think twice before revealing any critical information about your business, at least before they verify who they’re talking to.
That’s really the key here: Making sure your employees verify that the people they’re talking to on the phone or trading e-mails with are really who they say they are.
Verify, Verify, Verify
Remember, we’re talking about identity thieves here. Their business, by definition, is pretending to be other people.
That means your employees shouldn’t only be wary of strangers who call or e-mail. They should think critically about calls from long-time customers and vendors, too.
Say, for instance, one of your employees receives a call from someone who identifies himself as your long-time vendor John. Your company occasionally wires money to John. The man on the phone says he has a new bank account and wants you to change the routing instructions. This should be a red flag.
In many if not most cases, the employee will change the routing instructions without thinking twice. But that’s the wrong move. The employee should stop for a moment and consider how he or she knows, for certain, that the caller on the other end is in fact John.
Perhaps the employee could look at the caller ID and compare it to the last phone number you have on file for John. Or, if the request came via an email, the employee could compare the sender’s address to John’s known e-mail, looking carefully for any slight changes, like a .com suddenly becoming a .net.
Every business is different. I can’t give you a checklist of things your employees should and shouldn’t do. Rather, the best course of action is simply to teach all of your employees to slow down when taking phone calls or responding to emails.
They need to learn to ask themselves, What could someone do with the information they’re asking of me? Is this information critical to identifying our business? In the wrong hands, could this information be used to harm our business?
If the answer’s no, no problem. But if it’s yes, your employees should be taught to verify the identity of the person they’re speaking with before giving out any information.
Just the simple act of creating an office culture where your employees are encouraged to slow down and think critically will go an incredibly long way toward stopping business identity thieves in their tracks.
Keep your eyes peeled
The other vital thing your employees should learn is to be watchful of the correspondence your business receives.
Clues to identity theft often appear in the mail in the form of letters from unfamiliar lenders or e-mails welcoming your business to a service no one internally has heard of.
If your business is anything like mine, it gets a lot of mail and e-mail. There’s no way that you, as the owner, will have time to go over everything that comes in.
That means everyone in your business needs to know the importance of looking out for strange correspondence.
These are simple things – slow down, think twice, look carefully at what you’re reading – but they’re vitally important to protecting your business from identity theft.
Company Alarm is dedicated to helping business owners protect what they have worked so hard to build. Our monitoring software is designed to prevent cybercriminals from exploiting loopholes to hijack your company and assets. To sign up for this low-cost, value-added protection, click here.