Home How We Help Be a better employer Managing risk Online scams: how to prevent identity theft in a business

Managing risk

Online scams: how to prevent identity theft in a business

Identity theft is a big issue and it can impact anyone – individuals and business owners.

Jenny Dikranian

Content Writer, My Business

In recent years, cybercriminals have mastered playing this grubby game, aided by the pandemic-fuelled surge in online activity. From remote workforces to new e-commerce models, millions transitioned to a digital world almost overnight.

Now that we are more digitally connected, there is no going back. But with that in mind, we also need to be vigilant about our digital footprint. While the benefits of technology certainly outweigh the negatives, in the past couple of years, cybercriminals have taken advantage of people going about their business online. They are acting on opportunities to steal personal information with the intention of scamming people for monetary gain or other benefits. Sometimes, the personal information stolen can be used to apply for credit such as a loan, or other legal documents. Regardless of how online scammers use the personal information they steal, it is a cybercrime.

Identity Theft Methods used by Cybercriminals

If you have any security weaknesses in your network, a hacker can break into your devices. Essentially, it’s like leaving the front door open. Once in, they have access to an abundance of personal information which they will use to exploit their victims.

These can be cleverly designed emails that trick you into installing software, giving cybercriminals access to your files including personal information of customers or employees. Malware and ransomware can also be introduced into your network via a hacker. In the case of ransomware, the cyber scammer can lock your files or threaten to publish personal information until you pay the ransom.

These scams can be sent via text message or email and the scammer’s goal is for recipients to take the bait by clicking links, opening attachments or carrying out the requested task that compromises the victim. The emails may appear genuine but often the spelling, company logo or the naming convention in the links may not be quite right. Be suspicious about any requests to update or verify your details.

Usually involves receiving a phone call or text message claiming to be from a technical area within a service provider. They will request remote access to your device to fix the alleged issue and may ask for personal details or credit card information to buy a service to solve the issue. When carried out via phone, the scammer will come across as professional but also very persistent in acquiring your details.

Whatever social media platform you use, don’t accept requests from people you don’t know. Some scammers will create fictional names while others take on the identity of real people. Either way if there is any mention of money – in particular, the need to transfer money out of a country – that’s a red flag you shouldn’t ignore.

Key actions: reduce your risk of identity theft

Be cyber aware and the best way to achieve this is to keep up to date with trends. Sign up to training and extend this to your employees. By empowering your staff with the necessary tools, they will know what to look for and to stop and think before clicking links. It only takes one weak link in your workforce to become a cybercrime victim, so strengthen your human firewall, and protect your data and your business.

One of the easiest and quickest things you can do to prevent identity theft is to use strong, unique passwords. You need to create a different password for each account. The more complex the password, the harder it is for a hacker to crack.

Never use personal information to make up your password. Consider using passphrases that are made up of four or more random words. Using a minimum of 14 characters, you can also use a combination of letters, numbers, symbols, uppercase and lowercase characters.

Store passwords safely with a password manager – you’ll only need to remember one set to access the rest.

Consider introducing Multi-Factor Authentication (MFA). This requires two or more methods of verification to log in. For instance, when logging into a laptop, you are sent a code to your mobile device to verify it is you.

Data breaches need immediate addressing. If you receive an email that a business you deal with, such as a supplier, has been hacked, do not ignore it. It is important to acknowledge so you can take the necessary steps. In the first instance, understand what has happened so you can decipher what it means for your business.

The digital world is here to stay so take steps to help prevent identity theft. Safeguarding the personal information you collect from customers and employees is a must. What you do today can make all the difference tomorrow in keeping your business safe from cyber scams.