Protecting Your Business from Identity Theft

April 14, 2021

Business identity theft protection

Identity theft is when someone’s personal details are stolen, often to be used to acquire goods of services without paying for them. For example, the fraudster can use your information to gain a new credit card and then use that card to buy purchases without even paying for it. Because that card is in your name, you are the one that the credit card company seeks payment from.

There are other instances where data is used fraudulently such as opening a bank account, gaining control of an existing account, getting a new passport or driving license. It’s not only an individual’s details that can be stolen, but also businesses that are becoming victims with fraudsters using information to set up new business accounts.

You can find out more about identity theft here.

Types of Data

Customer data (consumer)– ensuring that your customer’s data is secure is of paramount importance for businesses. GDPR legislation details the steps a business needs o take to make sure that any personal information is kept with the persons permission and that it is stored safely.

Customer data (businesses) – you will of course hold information about your customers if they are businesses. Any company confidential information should be stored securely, and password protected if stored on IT equipment.

Employee data – A business holds information about their employees and so needs to make sure that this is stored securely, both electronic data and paper copies. Only certain staff members should have access to certain information and only those that absolutely need it. This includes things like home address, copies of identification, salary information.

Supplier data – You may have less information about your suppliers, but all the same it is important that sensitive data is kept private within the company. NDA’s and pricing agreements particularly.

Reducing the Risk of Identity Theft?

In the same way a person will monitor they’re on influx of email businesses need to do the same. Whilst any good IT department or company will do their utmost to stop malicious email coming into the business, it’s almost impossible to stop it completely.

Educate your staff as to what they need to look out for in any emails coming in, making sure that they know what phishing emails look like and what your internal procedure is for dealing with them.

Good anti-virus and firewall software should be installed on servers and computers and any equipment used outside of the office network needs to be protected. A programme of software updates should be adhered to, this reduces the risk of viruses.

The use of strong passwords should be encouraged, some companies generate random passwords (by the IT department) which stops people using easy to remember, or personal information as their password, which whilst convenient is easy to hack.

Any confidential papers should be stored in a fireproof and lockable place and destroyed when no longer required.

Banking information, credit and supplier accounts should be regularly reviewed, and any odd transactions investigated.

Dealing with Old IT Kit

A data wiping or secure data destruction service such as that offered by Recycling Your It will ensure all data is erased properly and fully documented so that personal data cannot be reinstated in the future. This allows proper recycling or disposal and ensures a company adheres to current legislation regarding the disposal of data.

A certificate of destruction is supplied which keeps any insurance cover intact and gives businesses peace of mind that data cannot fall into the wrong hands.