Protecting Against Business Identify Theft

| December 28, 2018 | Regulations & Security

If protecting against business identity theft isn’t among your highest priorities, you may be placing your enterprise in dire jeopardy.

Business identity theft — when a thief will hijack a business’s identity and use it to get credit cards or open lines of credit with banks or retailers — doesn’t just happen to big corporations. In fact, as large companies implement more advanced anti-theft technology, the bad guys are turning their sights on smaller businesses. Those who fail to craft a data protection plan or promote company policies protecting against identity theft are open prey for these attacks.

Another ominous threat involves business taxes. In these cases, criminals steal a business’s information to file fake tax returns in the hopes of cashing the tax return check. According to the SBA, you or someone who files tax returns for your business should watch out for:

  • Rejected e-file returns (or rejected requests for an extension to file) because the IRS already has one with the same identification number
  • An unanticipated tax transcript
  • An IRS notice unrelated to any documentation you have filed

Clearly, these are dangers no small business can afford to ignore. Here are some helpful tips to better protect your company against business identity theft:

Monitor Credit Reports on an Ongoing Basis

If you haven’t done so already, open a subscription with the three major business credit bureaus:

  • Equifax Business
  • Experian Business
  • Dun & Bradstreet (D&B)

You can register with these agencies and they will provide real-time alerts on credit card activity involving your business.

Mastercard, in partnership with identity protection industry leader CSID, can monitor and protect your credit card transactions. This valuable service is available to Mastercard U.S. cardholders to help detect and resolve cases of identity theft.

Protect Sensitive Business Documents

While much of your business documentation may be stored in the cloud, there’s good reason to keep hard-copy documents and records securely stored in a protected location. Be extremely careful about sharing any sensitive materials such as financials or bank statements with anyone, unless you have an established relationship with the other party. Also, if you need to securely dispose of any hard-copy paperwork, micro shredders are an ideal choice.

Invest in the Right Anti-Theft Technology

Like any other essential component of business operations, anti-virus and anti-malware technology (along with the right type of firewall) is an absolute must for small businesses. Take some time to research the best system for your business or hire a security consultant to advise on the best products for your business. Off-the-shelf security options exist, but you should carefully check what these packages cover (and what they don’t cover) to make sure you have the right protections in place.

Working with a security specialist can also provide some piece of mind. A specialist can get your software, hardware and monitoring systems set up properly and conduct periodic penetration testing to ensure that all security systems are up to date.

Establish Policies to Safeguard Information Online

Unfortunately, it’s easy to forget what does and doesn’t constitute sensitive business information and to mistakenly share the wrong data online. Identity thieves can have a field day with this kind of “data plunder.” For the record, here are things you should never send via email or post on social media:

  • Employer identification numbers
  • Financial and/or accounting documentation
  • Customer lists
  • Personal finance information

This should apply across the board throughout the organization. Establish clear-cut policies so employees understand the critical importance of being smart about their social media activity, both on and off the job. Setting guidelines — and training employees in the proper use of these guidelines — underscores the high value you place on protecting against business identity theft for all concerned.

Guard Against BYOD Infractions

Speaking of employees, it’s imperative that anyone who receives or transmits sensitive data on mobile devices should strictly adhere to data-protection policies. Be sure employees maintain complex passwords and change these passwords on a regular basis. Employee negligence or failure to follow company guidelines is a frequent weak point allowing for business identity theft.

Assess Your Vendors’ Commitment to Identity Protection

Your trusted vendors should have rock-solid anti-identity-theft safeguards in place as well. How do they store your data? What’s their policy for conducting confidential interactions with your employees? Ask for a comprehensive description of each vendor’s data-security safeguards to ensure that third parties are just as committed as you are to protecting information with continuous monitoring and safety solution upgrades.

As with your personal information, the theft of your business identity can result in potentially crippling damage. While most business owners aren’t experts in the field of data security, that shouldn’t stop you from learning as much as possible and calling upon individuals and organizations to provide the safeguards they need for the protection of their business.

Lee Polevoi
Lee Polevoi
Lee Polevoi is a veteran freelance business writer specializing in exploring the opportunities and challenges facing small businesses in the U.S. today. A former senior writer for Vistage International (a global membership organization of CEOs), Lee regularly produces articles, white papers, blog posts and more for the diverse small business audience.

See all posts by Lee Polevoi
  • All views expressed on the published articles at are those of each of the authors, and do not in any way represent the opinions of Mastercard International Incorporated or any of its affiliates (“Mastercard”). Mastercard is not responsible of the information contained in these articles.