There are several different types of small business identity theft. The first type happens to business owners themselves. Many small business owners use their own personal information on their business accounts and licenses making them easy targets for identity thieves who can find their information on public and private databases. The other kind of small business identity theft happens when information is lost or stolen from a small business. Businesses have access to a wealth of information that thieves can use to their advantage. Businesses do not always store or dispose of personal information in a secure manner – there have been reports of medical offices dumping intact files of their patients’ personal information without shredding it first. There are also many ways that a thief can compromise the information that a business has access to, from hacking to posing as a legitimate organization and phishing for the information. The business is then liable and has a responsibility to tell their customers about the loss of personal information.

TrustedID offers protection for small business owners’ identities as well as solutions to offer protection for a business’s customers or employees should the company ever get breached by thieves.

Key Stats:

• About 16 million small business owners use their own Social Security number on their business bank accounts, making them easy targets for identity thieves.
• Identity crimes against small businesses pose a major threat since the U.S. economy relies on small businesses.
• In a report by the Center for Identity Management & Information Protection; a business was compromised in 50% of the cases.
• 34% resulted from insider theft.
• 42% of the insider theft occurs in retail businesses and more than 23% in private and insurance companies.
• The Identity Theft Resource Center estimates the cost to businesses due to identity theft in 2007 at $49 billion.

How to prevent small business identity theft…

Protect your customers:

1. Collect only information you need from your customers. The more information you store, the more information a thief can steal, the higher your costs of secure storage, and the greater potential liability if the information is compromised.
2. Invest in software and hardware to protect your customers’ data. Understand and comply with key industry standards for data storage. Create and display a Privacy Policy that details how your information collects, stores, secures and shares data. Leverage your investment by promoting your security-consciousness to your customers, giving them greater confidence in your business.
3. Create policies to limit access to sensitive information to trustworthy employees who have a valid business reason to access that data.  And even if you consider them to be trustworthy, err on the side of caution and require background checks and drug tests every 12 months.
4. Secure your physical workplace by locking mailboxes, desks, file cabinets, computers, and anything that might contain valuable information. Many identity thieves steal information directly from offices and take advantage of any unsecured access point.  Require all employees to lock office doors every night.  Install video cameras in the office to monitor nighttime activity.
5. Properly dispose of information when you no longer need it. Use a shredder for all paper documents and make sure electronic files are completely destroyed. If your office disposes of large amounts of sensitive information, hire a trustworthy, outside company to do your shredding for you.
6. Sign up with TrustedID to protect your Social Security, credit and bank accounts, health benefits and more.

Protect Owners & Employees:

1. Don’t use your personal information, such as your Social Security number, to run your business.  If your business is a sole proprietorship or a limited liability corporation, apply for an Employer Identification Number (EIN) so you do not have to share your Social Security Number unnecessarily.
2. Beware of phishing scams and requests for sensitive information by phone.  Use the mindset of suspicion whenever anyone or any web site asks you for personal information – credit card numbers, passwords, addresses or dates or birth.  Ignore any correspondence that comes from a bank via email. Respond to anyone asking for personal information via phone by returning their call at a phone number you find on your billing statements or publically available elsewhere. Never use the phone number they provide to you.  Remember that smart thieves know how to spoof caller identification services; don’t trust what you see on your phone’s screen.
3. Review your individual credit reports. This is all the more important if your business depends on your good credit for access to financing. Take note of accounts, addresses or names you don’t recognize.
4. Install anti-spyware and anti-phishing on all desktop computers. Risks to both personal and company information can be eliminated with inexpensive software that prevents some of the most common theft techniques used to by today’s tech-savvy cyber criminals.
5. Offer identity theft coverage as a benefit to help prevent and resolve employee theft.  Identity theft prevention services combine a suite of protections into one easy package, making it easier for employees to protect themselves, and reducing time spent resolving identity theft issues during work hours and on the company’s dime.
6. Offer TrustedID to your employees as an additional benefit. TrustedID also has data breach response services available if your company is ever breached.

The previous tips are the best way for you to prevent yourself from being a victim of small business identity theft.