Identity theft (opens in new tab) has been a massive problem for a long time. However, fraudsters are getting more sophisticated and trying to stay one step ahead.
In the unprecedented midst of a pandemic, we are seeing a sharp increase in all types of fraud. Unfortunately, experienced fraudsters are exploiting the current chaos, and sadly we are seeing more people turn to fraud to boost their income.
Besides personal identity theft, there has been an increase in businesses falling victim to identity theft. This can be as simple as your website being spoofed, emails being intercepted, and payment details being amended.
As an SME, it is essential to discuss the risks with your customers and suppliers to increase awareness of suspicious emails and cold calls claiming to be from your business.
All businesses are different, so your risks and exposure to identity theft will differ. You should work out what risks you face, both as a business and on behalf of your customers. Where are the danger points, and what can you do to stop them, or at least lessen the risk?
Ensure you’re GDPR compliant
Read the rules again, and then make sure all your employees understand what it means. A data breach is the easiest way for fraudsters to get hold of your information and that of your customers.
Review your IT security
Ensure you have good antivirus software (opens in new tab) installed on all devices employees use to access your systems, including mobile phones. If you’re in a higher-risk business, you should consider using biometrics. Two-step authentication should be standard to access your server. Remind home-working employees regularly of the security basics, such as installing updates, having secure passwords, and changing passwords on the internet hub. Ideally, passwords should be automatically updated regularly on your e-mail system. There is no such thing as ‘unhackable,’ but it is worth employing independent specialists to check and follow their guidance. You can then demonstrate you’ve done your due diligence.
Have a crisis plan in place. The aim should be to limit the damage to your customers and, therefore, to your business. The program should ensure you can immediately inform customers of any breach (if you wait even a day, you will increase their exposure to identity theft). This is also a GDPR requirement.
Consider the blackmail and bribery risks
Fraudsters will target and tempt (with money or blackmail) your employees to steal and sell your customer data. Unfortunately, this is far more common than people realize. It is difficult to stop all the possibilities, but it will help if you have those ‘water cooler’ chats so that you’re aware of what is happening in the lives of your employees.
Be aware of internal fraud
Most internal theft is opportunistic rather than premeditated. You can mitigate this risk by ensuring you have internal controls, with no one having access to payment systems. In addition, two-tier verification is vital for paying invoices, etc., to ensure nobody gets tempted to misdirect a payment or create fake invoices.
Keep control of your assets
Do you have a record of everyone who has access to your email system, website, and social media? If you don’t, it would be straightforward for an ex-employee to pose as you. So keep records and change passwords as soon as anyone leaves the company.
If you suspect you have been targeted or have received a phishing email, this should be shared so others can be alert to the threats. In addition, keep an eye out for new scams by following police and other official bodies on social media.
Double-check by phone
One of the most common and simplest forms of identity theft is when the fraudster poses convincingly as a supplier (or an employee) and asks you to change ‘their’ bank details. Never send money in response to an email or a text, even from someone you know well. Instead, pick up the phone and check every time.
Be wary of cold callers
Never give out sensitive information to someone who has just called you unless you recognize their voice. Always phone them back, on the ‘published’ number, from a different phone (so they can’t pretend to answer your call).
Don’t use public Wi-Fi
It is straightforward to set up an account that looks official. The fraudster will then be able to steal enough personal information to pose as you. If you have to use public Wi-Fi (opens in new tab), check with the server to ensure you access the right one, don’t check with another customer as they could be sitting there waiting for someone like you to ‘help.’