People tend to think of identity theft as a consumer problem. If it hasn’t happened to you, you probably know someone whose Social Security number or credit card account information was stolen. The identity thief could have gone on a buying spree or even used that information to qualify for a loan. The victim then spends months or even years clearing their name and record.
However, identity theft is a problem for organizations, too. A recent survey by Trulioo found that 79 percent of organizations had experienced business identity theft leading to fraud, extortion or stolen money.
Organizations are actually more attractive targets than individuals because they have more money and higher credit limits. Newer organizations with little or no credit history are at high risk because it can be difficult for lenders and service providers to detect fraudulent activity. Also, smaller organizations typically don’t have robust tools and mechanisms to prevent identity theft. However, there are steps organizations can take to reduce the risk and quickly detect if they’ve become a victim.
How Business Identity Theft Works
In many cases, the information needed for identity theft is publicly available on secretary of state websites. Information can be hijacked and changed, and inactive organizations can be reinstated, allowing criminals to access bank and credit accounts. Information can also be easily obtained from employees. Samsung recently suffered a data leak because employees were putting sensitive company information in ChatGPT.
Criminals get their hands on bank account numbers, credit card numbers and employer identification numbers (EINS) to steal money, defraud creditors and make purchases. They can secure better terms with lenders and vendors, and buy products to sell on the black market. Worst of all, they can sell an organization’s sensitive information to the highest bidder on the dark web, perpetuating the damage.
While this is happening, victims can be left short on cash and struggle to make payroll, pay bills and meet other obligations. Owners can be personally liable for fraud and unpaid bills until identity theft issues are resolved.
How to Reduce the Risk
To reduce the risk of identity theft, organizations need to ensure that all files and data are secure — online, offline, on-premises and in the cloud. In addition to the right security software, there needs to be a documented security policy that lays out the ground rules for passwords, accessing and sharing data, and approved applications. Users should also be educated about phishing and other threats, how to report a security incident, and other security-related issues.
Organizations need to ensure that vendors and partners are protecting data. While most banks will alert account holders to suspicious activity, organizations need to monitor their own accounts to look for signs of suspicious activity that could indicate an internal or external threat.
How IronLogix Can Help
Most organizations that fall victim to identity theft don’t find out until they are notified by their bank, a vendor or law enforcement. That’s why IronLogix offers dark web monitoring as part of our Breach Prevention Program.
Dark web monitoring is a powerful tool that can detect compromised credentials, such as usernames and passwords, that identity thieves use to access networks, applications and various online services. Dark web monitoring scans the dark web in real time 24x7 and immediately alerts you if compromised credentials and other sensitive information are detected. Employees whose information has been compromised are also alerted.
The cost of business identity theft can be extreme, and many organizations never recover. Let us show you how dark web monitoring reduces the risk of identity theft and helps you protect critical assets.