Avoid Corporate Identity Theft
Written by Shelley Slater on 6 January 2014
When we think of identity theft, we usually think of someone stealing our credit card or other personal details online. Although identity theft is one of the biggest crimes of our time, businesses often don't realise that they, too, can become victims. Unfortunately, thousands of companies across the globe are suffering from the effects of criminals stealing the identity of the business itself, and even their staff. The latest estimates show this crime is costing the global economy hundreds of millions, at a time when it can least afford such losses.
A great credit record can be too much of a temptation for identity thieves
A company’s credit rating can make them prime targets for corporate ID theft. Many companies deal in large amounts of money daily, so the odd thousand pounds here and there is unlikely to be checked thoroughly. It is estimated this kind of fraud now accounts for roughly 15% of the losses suffered in the commercial sector in the UK. Once these fraudsters have enough financial and personal details of a business they can wreak fiscal havoc on their corporate victims.
How does corporate ID theft happen?
Most large scale crimes these days are associated with online activity as cyber crime spreads itself throughout the internet, chewing up information as it goes. As a result, society has become less vigilant as far as paper-related crime is concerned. The common belief is that if we fall victim to identity theft it will happen online, and this simply is not always the case.
To shred or not to shred?
Even small businesses deal with masses of paperwork every week. There’s everything from bills and payslips to contracts and reports. All paperwork a business discards should be shredded in a professional shredder that results in strips so thin nobody can reconstruct the document. Once shredded, for extra security they should be mixed up so bits from different forms are blended together. You have an obligation to protect not only your business but also your staff and clients, and the following items should all see the shredding blades:
- HR documents, which include
- Applications for employment
- Records of performance reviews
- Any payroll documents
- Staff medical information
- Records of disciplinary procedures
- Training analyses
- Employee correspondence and contracts
- Client documentation including
- Payment information including schedules and bank details
- Client lists, contracts and invoices
- Payment schedules and proposals
- Legal documentation
- Client passwords and other sensitive data
- Business documentation including
- Proposals for company and product development
- Research and strategy information including any drawings
- Minutes of meetings and any training information
- Internal correspondence and reports
- Information on suppliers and purchase orders
- Budgeting data
- Miscellaneous paperwork such as
- Email printouts and desk memos
- Telephone messages, diary pages and notes from meetings
In short, all paperwork - no matter how minor it may seem at the time - should be destroyed rather than just put in a regular bin, as it is amazing what little snippets of seemingly benign information can be helpful to identity thieves.
The reality is that once even a portion of this information is in criminal hands a thief can then start to build himself a full profile where he effectively becomes the company and anyone who works for it.
Surprising Fact: Any individual can submit changes to company details stored at Companies House. Quite simply, the staff at Companies House accepts changes to company details "in good faith". The staff do not make any checks on new submissions to ensure their validity.
Protecting your company from corporate identity theft
The first place to start is to ensure that you are utilising the very best options for document and data storage and disposal. You should limit access to electronic data and paper documentation as, unfortunately, it isn't always outsiders who are the ID thieves.
- All outdated paperwork should be placed into a lockable console for regularly scheduled shredding and not just put into recycle bins
- All hard copy data should be stored in a secure location
- Contact your banks and anyone else you have financial dealings with and set up new passwords and identity checks that, ideally, only you and trusted employees who need the information know
- Consider covering yourself with business identity protection insurance which will cover your business against both supplier and customer ID fraud, account takeovers and all other manner of corporate identity fraud
- Carefully monitor your company's credit records to ensure there is no unusual activity
You should secure and continually monitor any information that you give to Companies House. They recommend a three point plan to protect your business from identity theft:
- Use the secure online Webfiling system instead of sending 'paper' documents as email attachments ready to be printed off
- Sign up to the protected online filing system called PROOF in order to submit any changes to director’s names or company addresses
- Subscribe to the Monitor Alert System which sends you a direct notification if any changes are made to any of your company's details.
It is risky to think that this kind of fraud can't happen to you. Whether you have an SME or head a large corporation, your business and employees are there for the taking if you are remiss in the protection of your documents and data. Taking these precautions in advance can save a lot of distress further down the line and keep your business running smoothly.