How to protect your business from identity theft

The Internal Revenue Service (IRS) reported an increase of 2.75% in fraudulent business tax returns, indicating a disturbing trend in business identity theft. Unfortunately, small to medium businesses - compared to larger corporations - tend to be primary targets in identity theft due to their lack of security and fraud protection. Keep reading as we cover the ins and outs of business identity theft and discuss the steps you can take to protect your business.

What is business identity theft?

Business identity theft is a type of identity theft in which someone or some entity creates or attempts to use a business’s identifying information without authority and with the intent to defraud or hurt the business in some way. The National Cyber Security Society (NCSS) has identified the following four primary types of business identity theft:

• Financial Fraud: This includes using a business’s identity to obtain lines of credit, loans, or credit cards, or otherwise creating fraudulent Uniform Commercial Code (UCC) filings.
• Tax Fraud: This includes actions such as filing fraudulent tax returns with the intent to gain access to subsidies or refunds owed to the business.
• Website Defacement: This occurs when the thief manipulates a business’s website or identity on the internet.
• Trademark Ransom: Thieves sometimes will register a business’s name as an official trademark and then demand a ransom in order to release it.

Business identity theft can lead to a variety of negative outcomes, and it’s become a growing problem as technology evolves and more business information is accessible online. These issues include problems with vendor payments, negative credit reports, state and federal tax disputes, and damage to a business’s overall reputation.

Common schemes used by criminals to steal a company’s identity include, but are not limited to, the following:

One primary tactic to be on the lookout for are phishing emails and phone calls. Any email or call that appears to have come from an official source, but which is asking for financial information or other identifying information related to your business should be handled with skepticism.

How to identify ongoing business identity fraud

Many signs indicate your business may have had its identity stolen. Some key red flags are the following:

• You are unable to e-file your business tax return because one was already filed under the same Employer Identification Number (EIN).
• You receive a tax document, credit card bill, or other notice that is inconsistent with anything you’re expecting.
• The Internal Revenue Service (IRS) sends you a Letter 6042C or 5263C. The IRS may send one of these documents to verify your business information if something doesn’t add up on their end.
• You fail to receive expected correspondence from the IRS, a vendor, or a creditor. If this happens, it might mean your business address has been changed without your knowledge and the documents are being sent elsewhere.
• Your business credit score changes without any obvious reason.
• Your business is unexpectedly denied credit.

If any of these signs occur, you should investigate further. A good place to start is by getting a copy of your business credit report and performing a thorough review of all business accounts to look for unauthorized activity.

What to do if you’re a victim of business identity theft

If you find evidence that someone is using your business’s identity for nefarious purposes, the next step is to take action. Immediately notify your bank and any creditors of what has occurred. They can help track down unauthorized transactions and also put a stop to any future ones. You should also report the issue to all of the business credit reporting agencies, including Dun & Bradstreet, Equifax, Experian, and TransUnion.

Next, collect any documents that show fraudulent activity, including tax returns, bank statements, and emails, and notify local law enforcement officials. If the thieves made any changes with the Secretary of State or the IRS, you should immediately contact both to correct the issue. The IRS has procedures outlined on their website that inform business owners exactly what to do if this has happened to them.

4 Steps to protect your business

It’s always best to take protective steps before theft can occur. The following 4 steps provide an outline to help you get started:

1. Shred Documents and/or Go Paperless: Shredding destroys all sensitive information before documents are recycled or make their way to the trash. Going paperless also prevents thieves who might steal incoming or outgoing mail as well.
2. Protect Your Data and Network: Make use of robust security measures such as firewalls and anti-virus software to make sure would-be thieves can’t hack into your corporate network to steal critical business information they might use to impersonate you. Services such as SoftwareOne’s Managed Detection & Response can help secure your business against a wide variety of cyber threats.
3. Educate Your Employees: The easiest way for many criminals to get access to your business’s information is through phishing scams. These scams rely on human error, so training employees to identify them is critical. Consider programs such as SoftwareOne’s Cybersecurity User Awareness to help close your workforce’s security knowledge gap.
4. Monitor Your Credit: Continuously monitoring your business’s credit will mean you are alerted right away if anything unusual happens.

It’s also important to make sure your company regularly backs up all data in a way that keeps it safe and secure. SoftwareOne’s BackupSimple covers the main pillars of modern data protection, protecting your hybrid cloud workloads, SaaS apps, and endpoints alike