Did you know that your Business’s Identity can be stolen?
Yes, just like your personal identity can be used fraudulently, your business‘s identity can be stolen. Unfortunately, there are fewer and much weaker protections for your business than you enjoy as an individual. In short order, you can find yourself in deep discussions with the IRS about unpaid employee taxes, find your corporate structure with the Secretary of State has been transferred, or your online business identity now points people to your competitors! A poor or non-existing corporate structure can, potentially, leave business owners personally liable for losses.
As always, most identity theft is about money. Specifically, it is all about getting your money into a thief’s pockets. A disgruntled employee or an irate client can be out to embarrass you but these occur at a far lower rate. Scams involve getting your identification numbers, signatures and personas, then getting other institutions to give the thief your money.
The IRS is a monolithic, gargantuan beast that runs on computer systems that are decades old. One part of the IRS doesn’t talk to the other. A thief that gets your Employer Identification Number (EIN) can file fake W2s, reporting wages and huge overpayments of state and federal taxes for fake employees. A quick tax return and they get paid by the IRS. When taxes eventually get reconciled, the IRS will be knocking on your door for payment of back taxes. The IRS assumes you are guilty until proven otherwise and proving someone doesn’t exist is much harder than you can imagine. Similar scam can occur with unemployment benefits.
Your bank accounts are prime targets. Banking laws provide much shorter time frames to report fraud and much less protection if and when it occurs. Wire transfers from your accounts require very little information and authorization unless you specifically ask for it. A routing number, account number and the name of an authorized signer can be all it takes to initiate a transfer of funds. It can be very difficult to recover these funds even if reported hours after the theft! A business’s online identity can be critical to its success. Unless you actively seek out and claim your businesses’ listing on directory services like Google +, Yelp, Twitter, Facebook someone else will. Nothing like someone searching for Shoe Repair and finding out that your listing on yelp was claimed by a competitor and lists their phone number, website and address. Domain names can be taken if they are allowed to expire, listings have bad or outdated info or websites are compromised. A domain can be petitioned and transferred by devious parties.
These are just a few of the ways your businesses identity can be compromised. The bad guys spend day and night thinking of new ways to get what you worked for. We can spend days upon days listing every devious manner that the thieves can or potentially could use to steal your hard earned business. Here are just a few ways to help protect yourself.
1) The most important protection a business owner has is a corporate structure. A good business lawyer to properly incorporate and maintain a corporate structure, with sound operating agreements and regular prompt filing paired with regular, vigilant maintenance is your first and best line or protection.
2) A good business banking relationship and/or business accountant. Changes to your banking can include: restrictions on wire transfers, amounts or even an outright ban; a two authentication system for larger amounts of transfers; multiple accounts to prevent large fund transfers; different accounts for taxes, payroll, payables, receivables, and operations and daily reconciliations of funds.
3) Solid professional IT support. A good IT expert will help with firewalls, separating data, and anti-virus. The good ones will also advise you about proper use of web sites, secure internet connection and ensure you are protected.
4) Most data is stolen via social engineered interactions. An email that seems like it is from your bank or a vendor, a USB flash drive found in a parking lot, a misspelled website (gooogle.com, wellfargo.com). All of these and many more are designed to trick you into giving the thief the data he or she needs to access your accounts. ONLY you can prevent these types of thefts. They require you and your employees to be trained and disciplined about following procedures that ensure you don’t get fooled. Your IT expert should be able to help you write and implement these procedures.
5) Check your credit scores. D-N-B, Equifax, Experian and TransUnion all compile and track your business’s credit scores. You can request your information from each and should do so regularly.
6) Track your online identity. Make sure your domains are properly registered in your name and that you have control over them (many a business find out the guy that made their website still owns the domain). Register and claim your identity on directory services. Regularly visit and check up on these items.
Most of these are very general suggestions. Getting experts from outside your business to examine your business and work together and with you to strengthen your protection is the best way to keep your business identity safe. Outside experts can bring a much wider scope of knowledge than employees can provide. Often employees develop tunnel vision and industry knowledge fades to the specific needs of your business and doesn’t allow for a big picture, latest trends analysis. Outside experts work with multiple businesses and can bring a different viewpoint to the table. Making these changes require time and is often uncomfortable. Changing corporate procedures can often be met with resistance from current employees. Only strong leadership from senior management/owners can bring about the change needed to protect your business.
Adam Roig owns Black Flag Consulting, a corporate IT consulting firm specializing in servicing small businesses from 500 to 5 employees. www.blackflagconsulting.com and can be reached at [email protected]