New identity theft scams are discovered each year. Many are brought to the forefront during tax season, when we’re all using our personal information to file annual taxes. If you’ve been filing for a while, you are probably already aware of the threat identity theft poses and you may already know how to identify a scam. However, fraudsters don’t just target individuals. They also victimize businesses they see as vulnerable, particularly small businesses.
If you’re a small business owner, it’s important to know the signs of these scams and the steps you can take to protect your livelihood. In this post, we’ll share information to help you recognize a potential scam and some steps you can take to prevent expensive data loss.
Table of Contents
- What is ID Theft and Who is a Target?
- How Your Business May be Vulnerable
- Recognizing and Preventing ID Theft
What is Identity Theft and Who is a Target?
Identity (ID) theft occurs when someone steals personal information to commit fraud. That fraud can take many forms. For example, an identity thief may use personal information to fraudulently apply for credit, file taxes, or get medical services. These acts can not only critically damage your credit status, but could force you to spend a lot of time and money to restore your identity.
Here are three common types if ID theft for individuals:
- Tax ID Theft – This occurs when a thief uses your Social Security number to falsely file federal or state tax returns.
- Medical ID Theft – This occurs when a thief steals your Medicare ID or health insurance member number. They may use this information to get medical services or send fake bills to your health insurer.
- Social ID Theft – This occurs when someone uses your name and photos to create a fake account on social media.
Any person or business could be a potential target for identity theft. However, according to USA.gov, children and seniors tend to be the most vulnerable.
Child ID theft can go undetected for many years, which means victims may not know their identity has been stolen until they try to apply for a loan as an adult.
Senior citizens are often targets for identity theft because they share personal information with multiple doctors and caregivers. The number of people and offices that have access to these seniors' personal information is what puts them at risk.
As we mentioned at the beginning of this post, small businesses are also often targets for identity thieves. Let’s take a look at how your small business might be at risk.
How Your Business May be Vulnerable
As a small business owner, you may think identity thieves wouldn’t be interested in your business. After all, you’re not a giant corporation with a ton of money and information. This is a dangerous mindset.
The truth is, while you may have fewer accounts and less capital than a big business, you’re still handling the same types of information. However, because you are a smaller operation, it’s likely that you have less security measures in place to protect this information than a large corporation may have. This makes your business much easier to attack, and therefore puts you at risk.
Here are a couple of examples to explain how your small business could be affected:
- Let’s say a criminal obtains the identity information for your business. They could then decide to hijack that information and acquire credit under your business name. You may not have any idea this has happened until huge bills start filling your mailbox or clogging your email. An awful lot of damage can be done to both your finances and your reputation in very little time.
- Does your business collect a lot of personally identifiable information (PII) such as Social Security numbers, account numbers, or birthdays? You are required by law to protect that information. If a criminal were to steal that customer or client information, it will affect much more than your credit or reputation. You could face multiple lawsuits, fines, and even lose your business entirely over the data breach.
All of this information is intimidating, but the underlying message is clear. You do not want to be trapped in an identity theft scam or data breach. Keep reading for some steps you can take to prevent these things from happening.
Recognizing and Preventing Identity Theft
Identity theft is a serious threat to businesses everywhere. The first step in preventing identity theft from affecting your business is to know the signs of a scam. According to the IRS, here are some of the common signs.
Be alert to possible business identity theft if:
- You can't e-file a return because one was already filed with the same EIN or SSN.
- You get a rejection notice for a routine extension to file request because a return with duplicate EIN or SSN is already on file.
- You receive an unexpected tax transcript or IRS notice that doesn't match anything submitted.
- You receive a Letter 6042C or 5263C from the IRS.
- You don't receive expected or routine correspondence from the IRS because the business address has been changed.
To prevent an attack on your business, it is important to take the strongest actions possible to safeguard your systems and data. When creating or updating a security plan for your business, keep these four points in mind.
- Follow Basic Security Steps
Some security best practices to follow include:
- Installing anti-malware/anti-virus security software with automatic updates on all business laptops, desktops, routers, tablets, and phones.
- Deploying firewall protections on your network.
- Employing multi-factor authentication when available.
- Using responsible passwords that consist of at least eight characters, including numbers, capital and lowercase letters, and special characters.
- Stick to a Data Security Plan
One of the best ways to prevent a data breach or identity theft scam is by creating and maintaining a data security plan. If you have the resources, it may be worth your time to contact a cybersecurity consultant to help you create your plan. Maybe that’s not in the budget right now, but that definitely doesn’t mean you can forget about the plan. Here are a few free resources to help you get started on your own:
- Safeguarding Taxpayer Data – from the IRS
- Start with Security: A Guide for Business – from the Federal Trade Commission
- Small Business Information Security: The Fundamentals – from the National Institute of Standards and Technology
- Educate Employees
Providing employees with basic data security information and best practices can help protect everyone involved. Be sure to talk the time to share these best practices with new employees and give current employees frequent reminders or refreshers. Here are some points to discuss:
- Beware of phishing emails, the most common tactic used to steal data.
- Do not respond to suspicious or unknown emails. If the email is IRS-related, forward it to firstname.lastname@example.org.
- Never open or download attachments from unknown senders, even potential clients. Verify the email is authentic by calling the sender.
- Only email documents that are password-protected and encrypted.
- Use separate personal and business email accounts.
- Protect your email accounts with strong passwords and two-factor authentication, if available.
- Keep EINs Current and Secure
The IRS advises all businesses with an Employer Identification Number (EIN) keep the number safe and the application up-to-date with accurate responsible party and contact information. If you need to update your EIN, visit the IRS website.
Identity thieves are out there, waiting hungrily for the opportunity to steal your money. Don’t give them that chance! Ask the 2020 tax season approaches; take the necessary steps to protect your business, your employees, and yourself.
If you suspect that your business has fallen victim to identity theft or data loss, report it to the IRS immediately. Click here to read more.