Business Identity Theft: How You Can Protect Your Business

Did you know that in the U.S someone falls victim to identity theft once every two seconds?

In 2017 alone, 60 million Americans were affected by identity theft, with the annual cost of this kind of fraud in the U.S being a staggering $16 billion.

Of course, it is not just individuals who are at risk of having their identity stolen, businesses are just as vulnerable. Plus, if your business does become a victim of identity theft, not only can you lose money, you can also lose your livelihood and the trust of your customers.

Fortunately, there are steps that you can take as a business to protect yourself against identity thieves.

Keep reading to find out what they are and to ensure your business stays as safe and secure as possible.

What is business identity theft?

Business identity theft, also known as commercial or corporate identity theft, is when someone or a group of people illegally impersonate a business for criminal gain. Unlike with personal identity theft that only affects an individual, business identity theft can impact your whole business, from your employees to your customers.

It is worth noting that business identity theft is not the same as a breach of sensitive company information or the same as an employee or consumer theft. It directly involves the impersonation of your business.

How can you safeguard your business from identity theft?

Be vigilant of your credit reports

If you want to keep your business data secure, you need to ensure that you are informed and knowledgeable about your company’s credit reports, that way you will be able to immediately notice if something is amiss.

Utilize biometrics

Using biometrics to protect your identity as a business is a highly effective way of keeping yourself safe from increasingly sophisticated online criminals. Using a wide variety of techniques including fingerprint scanners, voice detection, facial recognition and retina recognition, the biometric authentication industry is estimated to be worth a whopping $1.5 billion by 2023.

Stay up to date with digital security practices

This is particularly important for small and midsized businesses that may not survive a security breach of this kind.

Some of the best security practices that you should be adopting include:

  • Having robust firewalls
  • Securing offsite data storage
  • Updating your software regularly
  • Installing VPN for outside access
  • Having scheduled malware scans

Look out for fake invoices

If you receive any invoice for a service or for goods that you did not order and never received, this should instantly set alarm bells ringing. The same goes for if you receive a duplicate bill that you have already paid.

Beware of unknown wire transfers

One of the more common phishing scams involves someone impersonating a CEO or other senior executive and requesting a wire transfer to an unknown account. If you regularly perform wire transfers or work with vendors overseas, you need to be particularly careful of this.

As a business owner, business identity theft is something that you should be taking extremely seriously.

Do not put off securing your data, as your customers, employees and business will be at risk if you do.

Follow the above practices, stay vigilant, and above all else, be consistent in your efforts.

Advice in the Wake of Security Breaches

By Mark Nyquist ‐ Information Systems Director, Epicor HCM

In the wake of the recent security breaches (see links below), I’d like to take just a quick moment to remind everyone that extra vigilance and scrutiny are becoming vital for the security of work and home environments.
I’m sure that many of you have already received notices from retailers you might be associated with (Target, USBank, BestBuy, etc..) stating that their email database for marketing newsletters was breached. The fallout of this is still being explored, but rest assured that will lead to very targeted ‘spear phishing’ attacks in the very near future. If your name and email address was disclosed in this breach, you’ll most likely start to receive emails that look very much like the newsletters you are used to seeing with proper logos, graphics, content, personalization to your name, etc.. – but with links that may go scam sites. Be extremely cautious when emails ask you to ‘change your password’, ‘update your credit card information’, etc.. When in doubt, look up the customer service number for the retailer, and contact them directly asking if the email is legitimate or if you might be able to perform the requested action over the phone.
In a very real example of the damage targeted attacks such as this can cause, look no further than the recent compromise of the RSA security company. Several users at RSA received a targeted email containing an Excel spreadsheet labeled ‘2011 Recruitment Plan’. Even though their junk-filter caught the email, one user still pulled it out of junk and opened it. The spreadsheet had an embedded flash object which executed a zero day exploit (meaning their antivirus program did not yet have a defense for this). The trojan then installed remote control software and the rest was history. Here’s where the story should hit home though: The attackers were then able to leverage this foothold to steal the master encryption key for millions of two-factor security FOBs. There are some government agencies that relied (note the past tense) on these for securing top secret data. The brand reputation of this company has now plummeted and security conscious customers are flocking to other solutions. The harm this one person caused will have major ramifications to the financial future of an entire company.


  • Only open email attachments from trusted people, and only when the content seems relevant. When in doubt, call the sender and ask for confirmation.
  • When possible, don’t click on links in emails. Instead, use your own bookmarks to trusted places and navigate to the destination. If this is not possible, scrutinize links (right click, copy – paste into notepad) to make sure the go to legitimate places.
  • Educate family and friends on the dangers that will certainly escalate in the near future.

Epsilon Breach