In some ways, business identity theft is like a powerful hurricane. It rushes in quickly and without warning; wreaking havoc and causing extensive damage and distress in its wake. Each year, business identity theft can be blamed for millions of dollars in losses to large and small businesses alike.
Stealing a business’ identity is a lot easier than you might think. State laws require the public disclosure of proprietary business information. This might include annual reports, management and personnel information, name and address, and employee identification number (EIN). All of this information can be used by thieves to apply for a line of credit or loan. Thieves also have ways of intercepting business credit card information and using this to purchase hundreds of thousands of dollars’ worth of merchandise.
The good news is this—businesses can mitigate the risk of business identity theft and prevent damaging losses by following some simple and effective steps
1. File your annual report on time
Nothing says “I’m not paying attention,” like missing an annual report deadline. That is like waving a huge sign that saying: “Steal my information.” Yet, because many deadlines are tied to the date you formed your company, rather than coinciding with tax filing deadlines, the date can be easy to overlook. This is particularly true if you are operating in multiple states—each of which has its own due date—it can be easy to miss one.
2. Check the secretary of state website regularly
Stay on top of any changes to your business registration information by looking up your business on your Secretary of State’s website regularly or signing up for email alerts if available. This way, you can see if any unauthorized changes have been made (such as changing your business address) and immediately report and reverse the fraudulent activity.
3. Keep your state-required information up-to-date
Most states require a filing if the company changes its name, method of management (for an LLC), number/types of stock authorized (for a corporation), or its registered agent. Many also require notification if the principal officers or business address changes. Keeping this information updated helps ensure you receive notifications from the state—and sends a message to would-be thieves that you are paying attention to the details.
4. Following the IRS’s new procedures to protect business
In an effort to fight the fraudulent tax return aspect of business identity theft, the IRS will be on the lookout for any filing inconsistencies or falsified information. Be prepared to provide the following:
- Name and SSN of the person signing the return: this will verify if the individual is a legitimate employee or trustee of the corporation
- Previous payment history: this return should be consistent with prior ones to reassure the IRS that this is not a random request made by someone looking to defraud the company
- Filing history: be sure to complete all relevant tax forms and not solely the return. This helps prove that the person signing the return is a representative of an actual corporation and not just a singular person
5. Educate your employees about phishing
Phishing is the use of a deceptive email to gather personal information or install malware. Sophisticated phishing techniques make these emails hard to differentiate from legitimate ones. Make sure your employees know what red flags to look for when they receive an email. Examples include bad grammar and spelling, strange attachments, and links to unrecognized sites.
6. Don’t post sensitive on your company website
A surprising number of companies post sensitive information—such as the federal Employer Identification Number—on their website. While you want your website to be informative and to engender trust in your customers, make sure that you limit the amount of information that you disclose to anyone who searches for your company name. (This also makes it more challenging for scam-artists to brand-jack (impersonate) your website.)
7. Check your credit reports regularly
Whether through Dun & Bradstreet or a major credit bureau, you should be monitoring your credit activity on a regular basis to detect and address any malicious activities. You can also request to receive regular email alerts from the top credit agencies.
8. Keep up with business identity theft trends
Technology changes and evolves quickly, so it’s important to be aware of the latest trends in business identity theft. There are several online resources available that provide critical data, statistics, and reports to help protect your business against fraudulent and criminal activity. In addition, many states provide information, including reports of recent scam-related activities, on their secretary of state websites.
9. Stay on top of computer security updates
Small businesses are especially guilty of neglecting to use readily available tactics for minimizing the risk of identity theft. Employees should be installing the latest security programs designed to detect and prevent malicious computer hacking and cyber-attacks.
Unfortunately, it looks like business identity theft is here to stay. With the number of incidents growing each year, and financial losses piling up, it’s more important than ever for businesses to be vigilant. By following these straightforward, common-sense actions you can reduce the risk of business identity theft.