10 ways businesses can minimize the risk of identity theft

Identity theft has been a big problem for a long time. However, scammers are becoming more sophisticated and trying to stay one step ahead.

In the midst of an unprecedented pandemic, we are seeing an increase in all types of fraud. Unfortunately, experienced scammers are taking advantage of the current chaos and sadly, we see more and more people turning to fraud to increase their income.

In addition to personal identity theft, there has been an increase in the number of business victims of identity theft. It can be as simple as spoofing your website, intercepting emails, and altering payment details.

As an SME, it's critical to discuss risks with your customers and vendors so they are aware of suspicious emails and phone calls claiming to be from your company.

Every business is different, so your risk and exposure to identity theft will be different. You must determine the risks you face, both as a business and on behalf of your clients. Where are the danger spots and what can you do to stop them or at least reduce the risk?

Make sure you comply with GDPR

Review the rules, and then make sure all of your employees understand what they mean. A data breach is the easiest way for fraudsters to get hold of your and your customers' information.

Check your computer security

Make sure you have good antivirus software installed on all the devices employees use to access your systems, including cell phones. If you work in a high-risk company, you should consider using biometric data. Two-factor authentication must be standard to access your server. Regularly remind employees who work from home about security basics, such as installing updates, protecting passwords, and changing Internet hub passwords. Ideally, passwords should be automatically updated on a regular basis in your email system. There is no such thing as 'unhackable', but it is worth hiring independent specialists to verify your security, and following their advice. You can then show that you have exercised due diligence.

Plan effectively

Have a crisis plan in place. The goal should be to limit the damage to your customers and therefore your business. The plan must ensure that you can immediately notify customers of any breach (waiting even a day will increase your exposure to identity theft). This is also a GDPR requirement.

Consider the risks of blackmail and corruption

Fraudsters will target and tempt (with money or blackmail) your employees into stealing and selling your customer data. Unfortunately, this is much more common than people think. It's hard to shut off all the possibilities, but it will help if you have those "water cooler" conversations so you're aware of what's going on in your employees' lives.

Beware of insider fraud

Most internal thefts are opportunistic and not premeditated. You can mitigate this risk by ensuring you have internal controls in place, with no one having access to payment systems. Additionally, two-tier verification is essential for bill payments, etc., to ensure that no one is tempted to divert a payment or create false invoices.

Stay in control of your assets

Do you have a record of everyone who has access to your email system, website, and social media? If you don't, it would be easy for a former employee to impersonate you. So keep records and change passwords as soon as someone leaves the company.

Share the risks

If you think you've been attacked or received a phishing email, you should share it so others can be alerted to threats. Also, be on the lookout for new scams by following the police and other official bodies on social media.

Consult by phone

One of the most common and simplest forms of identity theft occurs when the scammer convincingly impersonates a vendor (or employee) and asks you to change "your" bank details. Never send money in response to an email or text, even from someone you know well. Instead, pick up the phone and check each time.

Beware of cold calls

Never give confidential information to someone who just called you unless you recognize their voice. Always call them back, at the "published" number, from another phone (so they can't pretend to answer your call).

Don't use public Wi-Fi

It's simple to create an account that looks official. The scammer will then be able to steal enough personal information to impersonate you. If you need to use public Wi-Fi, check with the server to make sure you're accessing the right one. Don't check with another client, as they might be sitting there waiting for someone like you to "help".