Easy steps to mitigate corporate identity theft TechRadar Skip to main content TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us. Easy steps to mitigate corporate identity theft By Bryan M Wolfe, Christian Cawley published 16 June 2022 Businesses of all sizes can just as easily fall victim to identity theft as individuals (Image credit: Pixabay) Audio player loading… Many people think of identity theft as something that only affects public members. But it can also impact businesses of all sizes, from sole traders to the largest corporations. Corporate identity theft is rising, with scammers researching their targets and choosing their moment to strike. The impact can be devastating and potentially lead to mass job losses. So, how can corporate identity theft be combated?We've put together a list of the best business laptops available nowKeep your devices protected online with the best antivirus softwareSecure your files on the go with one of the best secure drives What is corporate identity theft Security risks to corporations and organizations are often thought to be limited to hackers looking for industrial secrets or ransomware attacks. Increasingly, however, cybercriminals are employing other techniques that target the weak point in every computer network: people. A common outcome of this, and typically the ultimate aim, is corporate identity theft. Also known as business identity theft, this might be the primary attack vector using a few basic company details or the result of time spent mining data from key individuals. Why are businesses targeted Naturally, it's due to the money involved. Businesses spend a lot of money, cash that can, in theory, be repurposed by criminals-for example, bulk buying supplies, usually with some flexible payment plan. There is an opportunity for a business identity thief to pose as the target company, buy goods (computers, perhaps, or some other hardware easily fenced), and avoid detection until it is too late. Further, large purchases made under a company account are less likely to be treated with suspicion. While automated payment monitoring services can help domestic users avoid credit fraud, this is less effective for corporations with huge balances and regular purchasing. (Image credit: wk1003mike / Shutterstock ) Common routes for corporate identity thieves What approaches do identity thieves use when targeting corporations? SIM card swapping: thieves can gain a foothold using this scam. All it requires is to call the mobile network provider to cancel a SIM card and transfer data to a new SIM. Any two-factor authentication protection on corporate accounts sent by SMS can then be intercepted. Whaling: this is a form of phishing targeted at businesses and organizations. We usually think of phishing as a scam targeted at domestic settings over the home phone or email. However, increasingly, larger targets with a far more significant potential windfall are pursued. For example, fake emails, spoofing websites, and identity theft have been used to access business accounts. Business Email Compromise: targeting executives and employees concerned with finance and wire transfers, this scam requires careful research by the cybercriminal. All it needs is to gain access to an email account and arrange the diversion of funds under the auspices of an "urgent" payment or transfer. Successful execution can involve phishing and impersonating CEOs, attorneys, high-level personnel, or keyloggers.   Typical effects of identity theft on a business  What happens when a business is struck by identity theft? While seen as a "victimless crime" by the perpetrators, this doesn't tell the whole story. Businesses hit by the identity theft can struggle, resulting in:Late salary: loss of income can result in difficulty or inability to pay employees, contractors, stakeholders, and partners. The fallout from this can often be redundancies.Tax disputes: tax may be unaffordable. Alternatively, if a business identity is used to file a fraudulent return, the tax department will penalize it.Lost reputation: once hit by a business identity scam, it can be challenging to be taken seriously in the future. Further, any crimes or underhanded behavior carried out under the business's name will be treated with disdain. As a result, the company could be destroyed. Further, small business owners can be hit by personal liability. With typically smaller cybersecurity budgets, this can prove devastating. How to reduce the impact of corporate identity theft Dealing with corporate identity theft brings many challenges. 1. Increase awareness Easily accessible information such as revenues, profit margins, company records, and tax IDs can be used to subvert a company's identity. These details cannot be hidden or suppressed in usual circumstances, resulting in an attack vector that cannot be defended. The best solution here is to increase awareness at all levels, particularly those that handle financially sensitive emails and logins. 2. Initiate procedures and stick to them Corporate identity theft typically involves an email or phone call requesting the transfer of funds. Anything can happen once the system is breached, which is why initiating agreed procedures and protocols for monetary transfer is vital. This way, you reduce the likelihood of a third-party diverting valuable company funds. 3. Enhance system access with biometrics Biometric information can step up system security and add an extra level of authentication. While this may not reduce faked emails demanding an urgent transfer, it can help reduce unauthorized access to a network system, e.g., from a third party illegally accessing a procurement system. 4. Reduce who has access to the purse strings Corporate identity theft often affects businesses with vast budgets across countless directors and senior personnel. No one knows where the money is kept, but they all have access to it, with individual departmental budgets and free rein on spending. Cybercriminals love confusion, and this is the perfect opportunity. 5. Double-check everything This is as important for giant corporations as it is for small businesses. Ensure that every email, phone conversation, and bank and business transaction is made with a verified contact. Doing so can considerably reduce exposure to corporate identity theft. Make things too tricky, and cybercriminals will move on to a new target. (Image credit: Pexels) Protect your colleagues from corporate identity theft A risk to everyone you work with, corporate identity theft could result in entire departments being closed, operations pausing, or even the complete collapse of a business. One wrong click on an unsolicited email can unravel everything. Protection against corporate identity theft is a group effort, so be vigilant, attend regular network security training, and encourage your colleagues to protect themselves and each other from suspicious emails and other phishing techniques.We've also highlighted the best identity theft protection Bryan M WolfeBryan M. Wolfe is a staff writer at TechRadar, iMore, and wherever Future can use him. Though his passion is Apple-based products, he doesn't have a problem using Windows and Android. Bryan's a single father of a 15-year-old daughter and a puppy, Isabelle. Thanks for reading! See more Computing news Are you a pro? Subscribe to our newsletter Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Thank you for signing up to TechRadar. You will receive a verification email shortly. There was a problem. Please refresh the page and try again. MOST POPULARMOST SHARED1The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me2Stop saying Mario doesn't have an accent in The Super Mario Bros. Movie3Google Pixel Tablet is what Apple should've done ages ago4RTX 4090 too expensive? Nvidia resurrects another old favorite5More than one million credit card details leaked online1The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me2iPhone 15 tipped to come with an upgraded 5G chip3If this feature succeeds for Modern Warfare 2, Microsoft can't ignore it4Apple October launches: the new devices we might see this month5The Rings of Power episode 8 trailer feels like one big Sauron misdirect Technology Magazines (opens in new tab)● (opens in new tab)The best tech tutorials and in-depth reviewsFrom$12.99 (opens in new tab)View (opens in new tab)