Commentary: How Firms Can Safeguard Their Corporate Identity From Theft
Horror stories about identity theft have made us vigilant about protecting our credit cards, Social Security numbers and other personal information. But in our rush to protect personal information, we cannot ignore the growing threat of corporate identity theft.
Stealing a company’s identity and using it to deliberately perpetrate fraud can cost millions and devastate an otherwise healthy, growing company. Identity theft has always been a risk, but the frequency and severity of corporate identity theft have been on the rise as technology overtakes every aspect of business. Wireless networks, smart phones, cloud computing and social media have all added to the vulnerability of data that must be managed and protected and upped the stakes when the best protective measures fail.
Equal Opportunity Theft
Corporate identity theft is not always the product of hackers and hardened criminals. A disgruntled or rogue employee can be just as dangerous. A thief may just as easily get vital information from an unlocked file cabinet or a document that ends up in the trash instead of the shredder.
Corporate identity theft is also not confined to banks and credit card companies, although financial services providers must meet strict government reporting and protection standards. Any business that routinely collects sensitive information like account numbers, business registration numbers, credit histories and other key data can be a target.
Types of Corporate Identity Theft
There are many ways that companies can fall victim to identity theft:
• Government reporting and regulatory information that is in the public domain can become fodder for criminals who seek an understanding of people and processes in a business.
• If not protected, company logos and graphics are easily downloaded to create fake documents and websites.
• Personal and corporate information is gathered through fake e-mails that appear to be from a trusted colleague to an executive such the CFO.
• A convincing copy of a government or financial institution website is used to harvest personal and corporate information.
Corporate identity thieves may use identity information themselves or sell it to others. Generally, they are looking to quickly generate cash using vital information about a company to:
• Open lines of credit and illegally gain access to thousands or even millions of dollars.
• Open high-limit corporate credit cards, make purchases and then sell the merchandise for cash.
• Set up sham corporations or websites using false-identity information.