So many business owners think that identity fraud only happens with individuals. Unfortunately, this is just not the case. The incidence of identity fraud involving businesses is increasing, and to complicate matters even further, state laws against stealing an individual’s identity are much more rigorous than those against stealing the identity of a business.
I see identity theft occur most often with businesses when employees are given a company credit card. It is so easy for a thief to get your card number and use it to make unauthorized purchases. This is why it is so critical that you go over your credit card statements regularly to ensure there are no fraudulent charges. Obviously, you do not want to leave that responsibility with the cardholder as it would be too easy to hide any abuse. It is always a good idea to have some checks and balances in place.
Where identity theft is concerned, prevention is key. One essential piece of avoiding theft and misuse of your information is changing your passwords every 45 to 90 days. You should always make sure the passwords you choose are complex by using a phrase to remember them. Changing passwords often can be a pain, but it is so important to protect your financial information against unauthorized access.
Another good rule of thumb is to never send any identifying information at your bank’s request. There are numerous scams out there that do a very good job of disguising themselves as your financial institution. No matter how valid they seem, you must always verify with your bank that the information is legitimate.
Be so careful about how you use your wireless network. If your network is not protected, your information can be stolen so easily. You should never transfer sensitive information on a wireless or any other network without encrypting it first.
Free public wireless networks are one of the biggest potential dangers. Should a staff member use one of these public networks to either send or receive sensitive data, it could leave your company open to identity theft. This can happen so easily since most of these wireless hubs have no security. Before you can access them, you have to sign off that you understand the risks of using the network and agree not to hold the provider responsible in the event of a breach.
As an additional layer of protection, business owners should establish a call-back procedure with their financial institution. The bank will call the account owner to verify the transaction before any transfers are made, especially in the case of wires.
Another important practice is always shredding documents that contain your financial information. It is so easy for thieves to go through the trash and find your financial records. For me, shredding is kind of therapeutic. I like to hear that shredder going because I know that no one else will be able to access these documents. You should make sure you have a shredding policy in place, and it is not a bad idea to start moving toward a policy that prohibits hard copies of these records.
Another easy, but effective practice is turning off your PCs when you leave at night. Many businesses leave their machines on, which gives a hacker a lot of time to run password-breaking programs against their financial applications.
Finally, make sure that your virus checker and firewall are up to date and that all downloaded documents are checked for viruses or any other malware.
Now go and make sure you have a policy in place to ensure your business identity remains secure. These steps are absolutely critical if you want your business to continue to operate safely without falling victim to identity theft.
Jerome S. Osteryoung, director of outreach services at the Jim Moran Institute in the College of Business at Florida State University, can be reached at (850) 294-7478.