Identity theft has been a significant issue for a long time, and fraudsters are becoming more sophisticated in their methods. The ongoing pandemic has led to a substantial rise in fraud. Unfortunately, experienced criminals are taking advantage of the current confusion, and more people are resorting to fraudulent activities to make money.
Furthermore, businesses are also increasingly falling victim to identity theft. This can be as simple as scammers creating fake versions of a company's website, intercepting emails, or altering payment details.
It is crucial for small and medium-sized enterprises (SMEs) to have discussions with their customers and suppliers about the risks of fraudulent emails and cold calls that claim to be from their business. Since each business has different risks and potential exposure to identity theft, it is important to identify the hazards that your business and customers may face. You should determine the danger points and take adequate measures to mitigate the risks or prevent them altogether.
Ensure you're GDPR compliant
Please reread the rules and ensure all your employees understand what it means. A data breach is the easiest way for fraudsters to access your information and customers.
Review your IT security
It is essential to have reliable antivirus software installed on all devices used by employees to access your systems, including mobile phones. If your business is at a higher risk of cyberattacks, it is recommended to consider using biometrics. Standard two-step authentication should be in place to access your server. Regularly remind employees who work from home of security basics, such as installing updates, creating strong passwords, and changing passwords on the internet hub. It is ideal to have passwords automatically updated regularly on your email system. Remember, there is no such thing as "unhackable," but it is worth hiring independent specialists to check your security and follow their guidance. This way, you can demonstrate that you have done your due diligence.
Plan effectively
Have a crisis plan in place. The aim should be to limit the damage to your customers and, therefore, to your business. The program should ensure you can immediately inform customers of any breach (if you wait even a day, you will increase their exposure to identity theft). This is also a GDPR requirement.
Consider the blackmail and bribery risks
Fraudsters will target and tempt (with money or blackmail) your employees to steal and sell your customer data. Unfortunately, this is far more common than people realize. It is difficult to stop all the possibilities, but it will help if you have those ‘water cooler’ chats so that you’re aware of what is happening in the lives of your employees.
Be aware of internal fraud
Most internal theft is opportunistic rather than premeditated. You can mitigate this risk by ensuring you have internal controls, with no one having access to payment systems. In addition, two-tier verification is vital for paying invoices, etc., to ensure nobody gets tempted to misdirect a payment or create fake invoices.
Keep control of your assets
Do you have a record of everyone who has access to your email system, website, and social media? If you don’t, it would be straightforward for an ex-employee to pose as you. So keep records and change passwords as soon as anyone leaves the company.
Share risks
If you suspect you have been targeted or have received a phishing email, this should be shared so others can be alert to the threats. In addition, keep an eye out for new scams by following police and other official bodies on social media.
Double-check by phone
One of the most common and simplest forms of identity theft is when the fraudster poses convincingly as a supplier (or an employee) and asks you to change ‘their’ bank details. Never send money in response to an email or a text, even from someone you know well. Instead, pick up the phone and check every time.
Be wary of cold callers
Never give out sensitive information to someone who has just called you unless you recognize their voice. Always phone them back, on the ‘published’ number, from a different phone (so they can’t pretend to answer your call).
Don't use public Wi-Fi
It is straightforward to set up an account that looks official. The fraudster will then be able to steal enough personal information to pose as you. If you have to use public Wi-Fi, check with the server to ensure you access the right one, don’t check with another customer as they could be sitting there waiting for someone like you to ‘help.’
More from TechRadar Pro
- Here's our list of the best secure router on the market
- We've built a list of the best ransomware protection around
- Check out our list of the best malware removal services on the market
- Check out our list of the best encrypted messaging services around
