Almost every day you hear a cautionary tale or warning about the dangers of someone stealing and misusing your identity to perpetrate fraud. Many of us are less familiar with the threat of corporate identity theft. Corporate identity theft (CIT) is the fraudulent and deliberate misrepresentation of a company’s identity, usually conducted in a “cyber environment”. Usually CIT perpetrators extract money, data or other kinds of information of value from the organization. There has been a marked increase in corporate identity theft in recent years due to the relative simplicity of the crime and the large degree of “trust” people have in doing business online. Perpetrators of CIT can range from disgruntled ex-employees and activists with a platform seeking wider exposure to hackers and organized cybercriminal organizations.
Needless to say, the impact upon any business that falls victim to corporate identity theft can be highly damaging financially, and the reputation or brand of the company can be destroyed. Many companies don’t report that they have been victimized, in order to prevent further damage to their reputation, as they worry that they will be perceived as unstable or vulnerable.
Corporate identity theft comes in various forms. The speed at which people can transact business online is now measured in nanoseconds. With the ever-changing advances in information and technology platforms, criminals have become very adept at keeping up with current best security practices online. The same technology that you rely on to conduct your business can also leave you exposed to criminals. Criminals recognize that many private and public sector organizations have access to hefty credit lines to make credit purchases. If a company’s systems are compromised it then becomes a simple task for the hacker to be able to make fraudulent purchases, with items being shipped to rented premises under the business’s name.
There are many ways in which organizations can be susceptible to ID theft. With the assistance of the internet, it is relatively simple to search a host of registries for business information, including statutory documents, patents, trademarks and web domains, as well as information that a company volunteers about itself. It can be a fairly simple process to change the names of directors or the registered business address of a company by filling out the requisite forms. Company logos and websites can be easily downloaded and replicated with a few clicks if steps are not taken to protect content.
Phishing is a common technique used to steal identities, both personal and corporate. Generally this happens via email and the internet. For example, the perpetrator would send an email to specific people in an organization, such as the chief financial officer (CFO) or other staff members who have the authority to sign and make significant purchases, posing as someone in the company that the recipient recognizes and trusts. Once the email is opened, an attached Trojan virus would allow access or “back door” entry to hack into the company’s systems. Through web-based phishing scams, criminals create a copy of a web site and send emails to target specific people in an attempt to get them to visit the site and divulge personal information. This information is then “skimmed” and used by the perpetrator or sold to other criminal organizations.
How You Can Protect Your Business
Establish an information security policy and enforce it. It’s important to establish policies for how information, including customer data, client records and confidential information, is handled. Use password protection for important documents and files and regularly monitor user access logs. Create IT controls such as password protection and authentication.
Install antivirus protection on all of your computing machines to protect against viruses and other malicious code. You should also install firewalls on your network and desktop machines to prevent hackers and unauthorized users from gaining access to information stored on your servers and desktop computers. Firewalls need to be managed and monitored. Depending on the type of business you operate, you may consider compliance software to measure, track, and report compliance with security standards.
Educate your staff on the need to be security savvy. Enforce internet browsing and email security policies. Make it easy for staff to report suspicious activity and train them to recognize “red flags”.
Establish a strict mobile security policy. Depending on usage and applications accessed on smart devices such as an iPad, all of your business’s confidential data is automatically cached and stored on the device.
Carefully manage your data and manage risk. Get professional advice to help you implement systems to prevent and manage security breaches.
While corporate identity theft is on the upswing around the world, with careful planning, common-sense initiatives, and robust systems and procedures in place, you can make a difference and significantly reduce your company’s vulnerability. To learn more about how to protect your organization, sign up for our free RevITup Data Protection Assessment or contact Megan Meisner at mmeisner@launchpadonline.com.