Identity theft: keeping fraudsters at bay
By now, businesses are well aware of the standard cyber security protocols surrounding passwords, the importance of sharing data securely and so on. Yet, identity theft and fraud are still prevalent problems for companies across every industry.
Identity theft is a criminal act, whereby an individual or a business’ identity is illegally assumed for the purposes of fraudulent activity and illicit economic profit. If the stolen identity is subsequently adopted and used, this then amounts to identity fraud.
In 2018, Cifas (the national fraud prevention service) recorded just under 190,000 cases of identity fraud — an unprecedented amount and a record high in the UK. Today, fraud continues to rise as cyber criminals are constantly finding new methods to carry out their illegal activities.
What can you do to keep your business safe?
Far from being a problem reserved only for the individual, larger corporations are also at a heightened risk of being targeted by identity theft criminals. Many big organisations have sizeable bank accounts, high credit limits and make regular transfers of substantial sums of money — making it significantly easier for cyber criminals to hide their illicit pursuits amongst day-to-day activities.
You would think that the latest revision of the GDPR would set cyber criminals back and diminish the scope of details available online — and it has, but it has undoubtedly also become easier over recent years for identity thieves to obtain company information.
Information about organisations and their employees is readily available on business websites, sites like Companies House and social media platforms such as LinkedIn. These are the first places cyber criminals will look. For example, through Companies House, fraudsters can file false documents in order to illegally trade under your business’ name and existing reputation.
Details of company credit cards or bank accounts could also be stolen and then sold on the online black market, known as the ‘Dark Web’. And once that information gets into the wrong hands, cyber criminals could cause an irreparable amount of damage before you’ve even detected the details have been stolen.
As well as this, fraudsters may attempt to distribute seemingly legitimate phishing emails to employees, in order to gain access to company information such as bank details or confidential announcements which, if released early, could affect stock value.
It is also not uncommon for emails riddled with viruses to be circulated around the workplace accidentally. Through such malware, hackers could gain access to your company’s internal systems and once they’re in, it can be a challenge to force them out.
Corporate identity theft can, therefore, have detrimental consequences for your business. If you fall victim to identity theft, your company’s finances, confidential information and reputation could all be at risk – and depending on the severity of the crime and financial losses, you could suffer irreparable damage.
Prevention is better than cure
Identity theft can often lead to catastrophic financial losses which could render your business paralysed. As such, all businesses should take out cyber insurance — no matter how big or small or which industry they operate in. No sector is safe from this type of cyber crime, but cyber insurance can cover you and help to keep your company protected.
It is worth noting that financial loss which stems directly from a fraudulent act is often not covered by a standard cyber insurance policy, so it is important to check how inclusive your plan is. Luckily, there are plenty of cyber insurance companies available which offer cover for fraud and financial crime as an add-on to your basic policy.
However, although cyber insurance is a worthwhile investment, prevention is better than cure. The chances of experiencing a breach are much slimmer if the appropriate processes and software are implemented within your business. So, investing in up-to-date cyber security solutions is also of paramount importance to evade identity theft and fraud. Some critical examples of measures which could help prevent identity theft include encryption of employee data, installation of firewalls, automated system updates and using robust total endpoint security solutions (more than just antivirus software).
Educating staff on the importance of not divulging sensitive data to unauthorised third parties is also essential. Remember, time and time again, people have proven to be the weak link in corporate security chains. More often than not, this is down to careless mistakes rather than malicious actions, so it is vital to teach employees what to look out for and what to do if they suspect a communication could be suspicious.
It is also advisable to partner up with a trusted IT specialist or consultant who is uncompromising when it comes to cybersecurity. This specialist should help you to identify any cyber security issues or threats — whether that be a lack of processes, poor compliance, inadequate staff training or failure to make the best use of advanced technologies — and then work with you to remediate the issues that have been identified. They should also be able to offer continuous advice and have access to a wide range of technology solutions to ensure your company is protected from all angles.
Richard Menear is CEO at Burning Tree