Company identity theft poses a threat to businesses of all sizes. This is when criminals impersonate organizations – either for their own financial gain or to bring down the reputation of another business. There are many ways in which you can have your company identity stolen from phishing to website cloning. Below are a few tips to help you prevent criminals from stealing your company identity.
Use secure passwords
The worst way in which criminals can steal your identity is by gaining access to your private accounts. To do this, criminals will usually have to crack your passwords first. By using strong passwords, you can prevent criminals from logging onto your accounts. What does a strong password look like? Ideally a password should be at least 12 characters long. It should contain a mix of uppercase and lowercase letters, as well as numbers and symbols. Finally, it should be something that is not easily guessable – ideally it should be completely random.
Such passwords are often hard to remember, so consider using a password manager to help store them. Try to use different passwords for different accounts and consider occasionally changing passwords – just in case one of them has leaked.
Protect your EIN number
Your Employer Identification Number (EIN) is vital for tax reporting and business transactions. Don’t let identity thieves get their hands on this number, as they could use it for all kinds of malicious purposes.
Only allow authorized personnel to handle documents containing your EIN (such as accountants). This will prevent this number from leaking and being used by a fraudster.
Be aware of phishing scams
Phishing is a common tactic used by cybercriminals that involves sending emails posing as people you trust. In these emails, the sender will usually try to get you to reveal sensitive information or click on a link/attachment that could download malware on your system. Phishing can be a common way in which cybercriminals acquire personal company information, which they can use to pose as your company if they don’t try to extort money out of you first.
There are many warning signs of phishing that are worth looking out for. This includes panic-inducing subject lines, suspicious links, requests for passwords/bank details, spelling/grammar mistakes and unusual greetings/signatures. Before you respond to an email or click on a link, consider these signs. Make sure that you also train your employees to look out for these signs if they too handle emails.
Implement DMARC
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol that can prevent you from being a victim of email spoofing. It involves receiving reports whenever an email is sent from your domain. This allows you to detect when unauthorised personnel are using your email domain.
There are companies that can provide DMARC policy recommendations to help you implement this protocol. Other email authentication measures can be taken to similarly prevent email spoofing such as SPF and DKIM.
Monitor the internet for website cloning
Website cloning is when a criminal creates a copy of your website. Victims are sent to this website via an email or advert thinking that it is your site and may end up giving away sensitive information like passwords or bank details. Such websites will typically use a domain name that is similar to yours and may even completely mimic your website’s design.
How can you prevent criminals from creating cloned websites? Tools like Google Alerts are one potential solution – this tool can alert you whenever your brand is mentioned on another site, which could help you to identify counterfeit sites. Make sure to report these sites as soon as you discover them.
Address employee theft
Employees often have access to lots of sensitive company information, which can make it easy for them to steal your company identity. This can include everything from financial information to essential passwords.
Be careful of being too trusting of your employees – especially new employees. Limit access to certain information and accounts, allowing only your closest and most loyal employees exposure your most valuable information. You also need to be careful of your ex-employees – when an employee leaves your company, consider disabling any company accounts they may have had or change any passwords they had access to. While most ex-employees aren’t a threat, there is a risk that information could be leaked (particularly by an employee who left on bad terms) so you need to be careful.
Vet your suppliers
You may also want to consider vetting your suppliers. They may have access to sensitive information that could be used to impersonate you. Even if they themselves don’t use this information, you need to be wary of a potential data breach.
Work with suppliers that have a good reputation and don’t give any personal details to suppliers that you don’t need to hand out. Make sure that your suppliers take measures to secure the data of their customers. This could reduce the chance of your data leaking out.
Secure your trademark
Finally, you may want to consider trademarking your brand. A trademark can legally prevent others from using elements of your brand such as your brand name, logo or slogan without your permission. This can prevent other companies from trying to sell products or services by posing as your company.
How do you trademark a brand? By registering an element of your brand with the USPTO. This involves submitting an application and then waiting for it to be approved. You will need to do your research to make sure that there are not already any similar trademarked brands using your logo or brand name. A trademark lawyer may be able to help with the application process.
Conclusion
It requires multiple steps to prevent criminals stealing your company identity. While this might seem like a lot of work to do, it is worthwhile for preventing financial extortion and reputation damage. Start by strengthening passwords and then implement other measures like looking into DMARC and applying for a trademark.Â
