According to the Consumer Sentinel Network, which is a part of the Federal Trade Commission (FTC), a total of 3.2 million cases of fraud were reported in 2019. And Mitek’s own Stephen Ritter in an interview with PYMNTS says there are tens of millions in damages in identity fraud relating to COVID from 2020.
This issue doesn’t just pertain to individuals, though. Businesses are prime targets and becoming more susceptible to identity fraud and theft as criminals become more and more innovative in getting around security systems and protocols. As more customer data and personal identifying information (PII) is consolidated into fewer digital storage databases, savvy identity thieves are increasingly making it a high-priority to target them.
According to a survey by PwC, 69% of consumers believe companies are vulnerable to hacks and cyberattacks. While 72% of consumers have confidence that businesses are best equipped to protect their data, only 25% of consumers believe that companies handle personal info responsibly. And in a new study by Mitek and PYMNTS, over 70% of consumers are less likely to provide their sensitive data like biometrics during onboarding largely relating to these reasons.
Unfortunately, identity theft prevention is not taken as seriously as it should be and addressed proactively. Small businesses, in particular, are vulnerable to attacks compared to larger corporations because they often don’t have sophisticated fraud management solutions and fraud prevention solutions in place. There’s also a general lack of awareness among both large and small organizations in regards to the level of threat and the devastating impact that business identity theft can have.
Additionally, with new privacy laws now in place, like the GDPR and CCPA, protecting your customers’ identity is more important than ever.
In this article, we’ll go over some of the top identity monitoring and prevention tips that will help you safeguard your customers’ personal information from fraud.
Restrict employee access to data
Employees may be the weakest link when it comes to fraud. So, businesses with many employees need to pay extra attention to data breaches and security. One way is to restrict employee access to customer data and decrease their digital footprint. Not every employee needs access to all customer data, so decide who will handle the information. Employees should only be able to access the data and systems they need to perform their jobs properly.
For instance, in the recent high-profile social network hack where highly public accounts were compromised for a Bitcoin scam, hackers were able to gain access to account details through a widely used and unsecured Slack channel that contained personal passwords and other sensitive details of accounts in plain sight, with hundreds of employees able to access them without authentication.
Implement an ID and password policy so that all digital identity activity can be tracked. This way, the appropriate employee can be held accountable in the case of a breach. Give each employee a unique access ID and a strong password, and mandate that they change the password regularly.
Educate your employees
For employees to act responsibly, it’s essential to give them the appropriate education related to cybersecurity and identity theft monitoring. Provide them with regular training on your company’s security measures. You need to educate them about the latest security threats and the prevention measures you have set up.
Keep in mind that although the control of sensitive information is restricted to a few employees, you should educate all your employees about your company’s security measures. Make sure everyone understands basic security threats like phishing, and instruct them on best practices like not opening attachments or clicking on links in suspicious-looking emails, and securing their devices with strong passwords.
Keep your technology updated
The first line of defense against cyber attacks is a strong anti-virus / anti-spyware / anti-malware software and firewall. Install them in all your systems, and most importantly, keep them updated. Security software companies are constantly sending updates to patch gaps in their systems. If the software isn’t kept up-to-date, it won’t be the most useful in protecting your business’s data. If possible, set up automatic updates for your software.
One alarming trend this has been affecting? Local hospitals and municipal governments. In a digital fraud attack earlier in 2019, the city of Baltimore was targeted and the hackers demanded $76,000 to unlock systems after they gained access through a known software bug on an older, outdated computer. The early projected impact of the ransomware attack was estimated at $18.2 million in efforts trying to regain access to the systems. And that doesn’t fully articulate the people who lost services to daily government functions like trash pickup, water, or even power to their homes.
Apart from this, it’s also important to invest in new security technology that is of specific use to your type of business. The degree of security needed will vary by business. A mainstream firewall or anti-virus system may not be enough in certain cases. You may need extra security measures like DDoS appliances, encrypted backups, or even digital identity verification to monitor who is trying to gain access to your digital platforms/systems with more certainty.
Test your cybersecurity system regularly
Installing security systems and updating them regularly also isn’t enough. As security technology improves, identity fraudsters are coming up with increasingly innovative ways to hack into systems and wreak havoc. It’s important to anticipate problems and prepare for them. You also need a plan of action in case your system is attacked. Develop a protocol that details what you would do in the event of an attack, and how you would limit or mitigate the damage.
Test your security systems regularly using spot checks of the programs, or even mock attacks to see how the system and your employees hold up in response to suspicious activity. This will bring to light any weaknesses and issues in your security plan and allow you to make it stronger to protect against a real attack.
Use encryption and a secure network
One of the best shields against hacks is to limit your use of open internet. Instead, move all the information to a secure private network. A private network allows you to have control over who can access the information and reduces the chances of interference from external sources. As an additional measure, backup all your data in a separate place. This will protect you against a ransomware attack.
Another way to protect sensitive customer information is to encrypt it. Invest in the latest encryption technology for your information and update it regularly. Set it up for automatic updates, if possible. If you’re sending or receiving sensitive data over email, it’s advisable to encrypt your emails as well. This will make it much harder for hackers to gain access to the data.
Collect only necessary customer information
Keeping excess customer data in your system is a waste of resources. But, more importantly, it also provides a bigger target for an identity thief. If customers become aware of this practice, it can cause suspicion and a lack of trust as they start wondering why you need all their personal information.
So, collect only what you need for your business and nothing more. Go over the customer data you already have stored and check if you really need all of it. If you don’t, dispose of it rather than keeping it in storage. This not only reduces the resources you’ll need to store and protect the information, but it also increases your customers’ confidence in your privacy measures. Less information in your system means that hackers have less opportunity to steal the data.
Identity theft prevention doesn’t have to be difficult
Identity theft is a growing problem and the number of reported identity theft cases and breach of personal information to the FTC have consistently been the highest among fraud cases. Identity theft costs Americans more than a billion dollars in total losses, and millions of people have their identity stolen every year.
It’s a serious concern and can take place at any time. As a business, it is your responsibility to protect your customers’ data. The only way to do so is to educate yourself and regularly update your systems.
The only way to protect your business from identity theft is to educate your employees and remain alert to scams. You should especially consider teaching employees about authentication vs. verification. You can also purchase identity theft protection through vendors who offer identity protection services. If you follow the best practices given above, you’ll greatly increase your chances of safeguarding your customers’ identity from theft.
Federal Trade Commission, Consumer Sentinel Network. Data Book 2019. 2020, January. https://www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-2019/consumer_sentinel_network_data_book_2019.pdf
PWC. Consumer Intelligence Series: Protect.me. 2020, September. https://www.pwc.com/us/en/services/consulting/library/consumer-intelligence-series/cybersecurity-protect-me.html
NYT. Conger, Kate & Popper, Nathaniel. Florida Teenager Is Charged as ‘Mastermind’ of Twitter Hack. 2020, September 1st. https://www.nytimes.com/2020/07/31/technology/twitter-hack-arrest.html
CNN. Kim, Allen. In the last 10 months, 140 local governments, police stations and hospitals have been held hostage by ransomware attacks. 2019, October 8. https://www.cnn.com/2019/10/08/business/ransomware-attacks-trnd/index.html