• Hijack social media to distribute false information.

The result: A trail of ruined credit, financial liability and battered reputations that is time-consuming and costly to repair. A small business may never recover.

Preventing Identity Theft

There are no 100% foolproof methods for preventing corporate identity theft. As soon as one roadblock is thrown up, criminals create a detour and attack from a new direction. But doing nothing is not an option, and you don’t have to have thousands of dollars and personnel dedicated to IT security. It begins with several steps.

Have a Plan – Start with a risk assessment and create an enterprise-wide security strategy. Cover all aspects of information security, including prevention, detection and your response to an information breach. Small companies are especially vulnerable due to limited resources and expertise, but adequate protection is only possible when a plan is in place.

Educate and Inform – Include all employees, executives, partners, vendors and even customers. It begins with awareness of the threat and the potential consequences, and continues to individual roles and responsibilities in prevention and reporting. Give your customers, vendors and subcontractors peace of mind by telling them what you’re doing to protect their information and the company.

Designate a Leader – Give responsibility for planning and implementation to a trusted top-level manager. He or she should become your internal expert and the go-to person to report suspicious activities.

Create Written Policies – Define permissible use of company technology and specify steps every employee must take to safeguard information in every form. Agreeing to these policies should become a condition for employment and for doing business. Require at least annual review.

Implement Controls and Procedures – Include information security in your enterprise-wide fraud controls. Include records of actions and activities, multiple approvals of certain transactions and regular monitoring to detect irregularities. Perform frequent, random testing to assure that controls are working as intended.

Deploy Hardware and Software – This is not just computer hardware and software, although that will be a major concern. Hardware can also include locks on doors, filing cabinets, shredder bins and dumpsters. Access should be limited, and passwords must be frequently changed. Software must be kept current to address evolving criminal techniques.

Monitor Activity – By the time identity theft is detected, the damage may already be done. That’s why it’s critical to regularly monitor accounts for suspicious activity, investigate unknown charges or users, or ask about late or missing statements and invoices. Make sure you remain in good standing with credit agencies, lenders and government regulators, and that irregularities are reported and addressed immediately.

Make Prevention a Priority

It is impossible to predict when or where the next corporate identity theft will occur or to guarantee protective measures will be effective, but the time is past when these threats can be ignored. From the sole proprietor to the multinational corporation, guarding against identity theft must become an immediate and ongoing priority.


Brad Mueller can be reached at 608-662-9150.
Scott B. Tracy, CPA, is a national firm construction and real estate practice leader. He can be reached at 414-721-7517.