Small Business & Identity Theft – Part 3

In our previous installment, we reviewed resources that one can take to reduce the chances of business identity theft. Today we look at some actions to take right in your own office.

Don’t Mix Personal With Business

Avoid using your personal credit cards, accounts, and lines of credit for business. Using business cards for business helps keep a sound business separation for purposes of accounting, tax reporting, banks, and credit card companies. In fact, most financial institutions and major card issuers specifically exclude business related transactions conducted with personal cards from their “zero fraud liability” programs. If a business account is compromised, any personal payment methods (including card or account numbers) associated with that account may also be compromised.

Don’t Mix Facebook with Quickbooks

We also strongly recommend that business computers be used only for business. If the kids visit the office, let them know that they can’t surf the internet or go on social media sites on any of the business computers. And restrain from online gaming, downloading non-business program or file sharing programs like Dropbox. The can potentially expose your business computers to malware, viruses, spyware and other security risks that could hurt your business and your confidential information on your customers and employees.

Close the Drawbridge

It probably goes without saying that if you use Windows, you must install and regularly update anti-virus and Internet security software. Additionally, install and utilize a firewall on your business computer network to control external connections and/or prevent unauthorized access to your business information, and as a first line of defense again intrusions and malicious code attacks. Also, be aware that business wireless networks can extend beyond the walls of your building. We strongly advise having a trusted professional network security firm set up the security and encryption necessary to keep your business as your business. To close the drawbridge against all enemies, make a point to frequently change the user name and password of your anti-virus software and the password for the wireless router.

One last word, the Internet is changing our lives and our ways of doing business on a daily basis. By the time this blog is posted, some of the information provided here could have already changed or been updated. Stay abreast of new developments in business identity theft and fraud, and inform your key employees to do the same. For more information about business identity theft, sign up for email updates from the U.S. Small Business Administration.

We recommend reading “Stopping ID Theft from Paying Off” by Ohio Tax commissioner Joe Testa.

Small Business & Identity Theft – Part 2

Last month (May 28) we covered some of the tricks and scams surrounding business identify theft through bank accounts, wire transfers and phishing. This month we’ll look at how to protect your business information and prevent identity theft and fraud.

Lock Up the Checkbook

If a thief broke into your office or home, could they steal your checkbook, checking account supplies and other business identifiers, account numbers, etc.? These should be under lock and key. If your business uses lots of paper checks, be sure they are high security grade checks able to thwart fraud schemes like phony payroll checks or altered payee or amounts. Treat your business EIN like you would your Social Security number. Only provide an EIN when disclosure is required, and never on unsolicited business credit applications. Duplicate all your business identifiers and keep the originals and copies in a safe, secure location inaccessible by unauthorized personnel. Shred any old documents that might contain business license number, registrations, EIN/TIN, account number, and so on. Buying a business shredder? Look for cross-cut, confetti cut, or diamond cut.

Enroll & Review

So far, Ohio state agencies don’t offer email alerts, but they do want you to report fraud at (800) 757-6091 or online. However most banks do and we suggest that you enroll in email alerts at your bank. These services can provide early warning of potential fraud. Regularly review your business registration information online (for both active and closed businesses). In Ohio, go here to create an account or log in to your current account. You should also periodically check any past businesses that you may have closed to be sure that they have not been fraudulently reinstated. Business identity thefts have been known to target companies classified as inactive, so that’s another incentive to keep your business filings currents.

Check your business credit report regularly from each of the three top providers and look for suspicious activity. These same organizations offer fee-based services to do this for you.
Dun & Bradstreet

Watch Like a Hawk

Protect and monitor your business credit card and your trade accounts, and reconcile account statements as soon as they are received. If you see something fishy, promptly contact the creditor. Thieves commonly make small purchases like uneven amounts between $3 and $8, then wait to see if it’s noticed before making a larger purchase. Phone numbers to report credit card fraud are on statements or on the back of cards, but it helps to keep them handy in file or drawer as time is of the essence in credit card fraud.

In our next and final installment on small business identity theft, we cover three additional caveats—and preventative measures—to safeguard your business’s financial identity.

Small Business & Identity Theft – Part 1

Have you ever noticed the persistence shown by an ornery squirrel determined to get inside a bird feeder? For small business owners, the squirrels’ perseverance serves as an example of how determined criminals are to steal from you or commit fraud in your name. But there is something you can do about it. NOTE: Even if you are an individual and not a business owner, much of this advice applies.

Know Thy Banker’s Policies

Did you know that under the Uniform Commercial Code (UCC) that businesses have shorter reporting timelines, less protections, and higher liability for fraud than do consumer banking accounts, and that banks can disclaim certain obligations through amendments to their banking agreements.? Know your bank’s policies because they have a huge impact on your business’ liability for fraudulent transactions.

Don’t Go Out on a “Wire”

If your business uses wire transfers, learn about multiple-factor authentication that requires two or more party approval for outgoing wire transfers. If a criminal initiates a wire transfer, the extra control can help prevent the transfer from being approved and completed. And if your business doesn’t use wire transfer, ask your bank to block wire transfers altogether or at least set a maximum amount.

Be Curious

Monitor your business accounts daily. Frequent review catches suspicious or fraudulent activity quickly to reduce losses. Online banking allows business owners to quickly and easily log in to your bank account to verify that it matches internal reports. Online banking also eliminates mailed paper statements which are becoming more and more of a risk for theft or exposure.

Don’t Share

When you access your banking accounts, use one secure, dedicated computer fully equipped with up-to-date anti-virus / anti-spyware / internet security software. Don’t let anyone else use that computer and never use it for non-business activities like email or web surfing. Use complex passwords that can’t be guessed by others. Some use a line from a favorite song or poem; you don’t have to write it down, but hard to duplicate. And of course, never do banking from any Wi-Fi hotspot (Starbucks etc.)

Beware of the Phish

Designed to trick you into divulging confidential personal and business account information, phishing email scams too often “look” legitimate but aren’t. Legitimate financial institutions and government agencies never ask you to verify or provide information through email. Don’t respond to the email, and don’t click on any links or open any attachments. Doing so can cause spyware to be installed on your computer. Report all such activity to your bank’s fraud department.

Next month we’ll review how to protect and monitor your business information. For now, be safe, and remember, most of these steps can be taken by everyone – whether a small business owner or as an individual.