National Consumer Protection Week is over. During the second week of March, your BBB partnered with the Montana Attorney General's office and the U.S. Postal Inspection Service, staffing a table at two different post offices. We gave out information on scams and fraud and answered questions.
So why am I writing about it now? Two reasons: 1. Every week should be a consumer protection week and 2. Business people forget that they're consumers too. In fact, businesses fall victim to identity theft at a rate of 1½ times that of individuals.
A recent survey of 300 small companies found that many don't know how to effectively prevent identity theft. Many lack the resources to install technology that thwarts cyber-attacks and, worse, they seem to believe that it's really not their problem. Fifty-two percent said they had little or no familiarity with the banking Trojan, a particularly virulent form of malware that tricks people into divulging usernames and passwords for their online bank accounts.
We see this scam all the time. The only thing that changes is the name of the bank. I knew one woman in her 30s who got a text as she was standing in line at the grocery store with a cart full of food. The text said "the bank" needed to verify her account information or she might not have access to her funds. She panicked and gave them her information.
Another scam that has resurfaced this tax season is an email that appears to come from the IRS. Last year the subject line was "underreported income" and this year it seems to be "problem with your electronic filing." The email has a link and asks for a bunch of sensitive information. Last year it went to a bookkeeper at a company in Florida. She panicked, gave all the information and within 24 hours the company had lost $64,000. My guess is that this company now believes preventing identity theft is their problem.
The survey referenced above found that 63 percent of business people thought their banks would return all of the funds stolen in these attacks. In reality, just over a quarter of victims stated that they had been reimbursed for most of their stolen funds. In addition, U.S. law puts the burden on business owners for keeping funds secure, rather than the banks. The majority of small businesses surveyed weren't aware of this fact, which means they are operating with a false sense of security.
What to do? There are some simple and fairly inexpensive things your business can do to reduce the threat of identity theft:
• Educate all employees - Train employees not to click on email links or to give out sensitive business information to anyone. Set a data security policy and have everyone sign it. (For information on how to do this, visit: www.bbb.org/us/corporate-engagement/security/)
• Be proactive when hiring - Do background checks and check references before hiring. The majority of theft happens from the inside. Two crooks in California stole company information off their own website and set up a mock company. They received thousands of dollars from brokers and when arrested, had two more completed packets ready to go.
• Shred! Shred! Shred! - Shred all documents containing sensitive information. It only takes a couple pieces of information to steal your identity and they're very easy to get.
• Install a firewall and use anti-virus software. Make sure to update it. Out-of-date software will do you no good.
• Invest in insurance to protect your business from banking fraud or identity theft.
It is tempting to think that a business will never be victimized. However, business owners and managers need to remember that they are at higher risk of being victimized and need to take even more precautions than individuals do. With a business, there are many people who could compromise the company's information, not just one person. Often, cases of identity theft could have been prevented by taking a few simple steps.