Identity theft has been a big problem for a long time. However, scammers are becoming more sophisticated and trying to stay one step ahead.
In the midst of an unprecedented pandemic, we are seeing an increase in all types of fraud. Unfortunately, experienced scammers are taking advantage of the current chaos and sadly, we see more and more people turning to fraud to increase their income.
In addition to personal identity theft, there has been an increase in the number of business victims of identity theft. It can be as simple as spoofing your website, intercepting emails, and altering payment details.
As an SME, it's critical to discuss risks with your customers and vendors so they are aware of suspicious emails and phone calls claiming to be from your company.
Every business is different, so your risk and exposure to identity theft will be different. You must determine the risks you face, both as a business and on behalf of your clients. Where are the danger spots and what can you do to stop them or at least reduce the risk?
Make sure you comply with GDPR
Review the rules, and then make sure all of your employees understand what they mean. A data breach is the easiest way for fraudsters to get hold of your and your customers' information.
Check your computer security
Make sure you have good antivirus software installed on all devices employees use to access your systems, including cell phones. If you work for a high-risk company, you should consider using biometrics. Two-step authentication must be standard to access your server. Regularly remind employees who work from home about security basics, such as installing updates, protecting passwords, and changing Internet hub passwords. Ideally, passwords should be automatically updated on a regular basis in your email system. There is no such thing as 'unhackable', but it is worth hiring independent specialists to verify your security, and then following their advice. You can then show that you have exercised due diligence.
Have a crisis plan in place. The goal should be to limit the damage to your customers and therefore your business. The plan must ensure that you can immediately notify customers of any breach (waiting even a day will increase their exposure to identity theft). This is also a GDPR requirement.
Consider the risks of blackmail and corruption
Fraudsters will target and entice (with money or blackmail) your employees to steal and sell your customer data. Unfortunately, this is much more common than people think. It's hard to close off all the possibilities, but it will help if you have those "water cooler" conversations so you're on top of what's going on in your employees' lives.
Beware of insider fraud
Most internal thefts are opportunistic and not premeditated. You can mitigate this risk by ensuring you have internal controls in place, with no one having access to payment systems. Additionally, two-tier verification is essential for bill payments, etc., to ensure that no one is tempted to divert a payment or create false invoices.
Stay in control of your assets
Do you have a record of everyone who has access to your email system, website, and social media? If you don't, it would be easy for a former employee to impersonate you. So keep records and change passwords as soon as someone leaves the company.
Share the risks
If you think you've been attacked or received a phishing email, you should share it so others can be alerted to threats. Also, be on the lookout for new scams by following the police and other official bodies on social media.
Consult by phone
One of the simplest and most common forms of identity theft occurs when the scammer convincingly impersonates a vendor (or employee) and asks you to change "their" bank details. Never send money in response to an email or text, even from someone you know well. Instead, pick up the phone and check each time.
Beware of cold calls
Never give confidential information to someone who just called you unless you recognize their voice. Always call them back, at the "published" number, from another phone (so they can't pretend to answer your call).
Don't use public Wi-Fi
It's simple to create an account that looks official. The scammer will then be able to steal enough personal information to impersonate you. If you need to use public Wi-Fi, check with the server to make sure you're accessing the correct one. Don't check with another customer, as they could be sitting there waiting for someone like you to "help".