How to Prevent Business Identity Theft

Since 2005, we’ve seen many news headlines reporting how businesses have lost thousands of dollars, and some have even faced bankruptcy because cyber-criminals stole money from their accounts. Unfortunately, seven years later cyber-criminals continue to target businesses, and we haven’t really been able to prevent and stop this type of fraud, especially in small and medium sized business.

Account takeover, or business identity theft, occurs when a cyber-criminal steals a business owner’s or employee’s online banking log-in credentials for their business accounts. Once the cyber-criminals have the credentials they have a window of opportunity in which money can be stolen. They can initiate funds transfers through ACH or wire transfers to their own bank accounts within the U.S. or abroad. Often these funds can’t be recovered by the business, causing disruption and financial loss.

To obtain access to business accounts, cyber-criminals lure employees with different techniques, and cause them to spread viruses or malware designed to steal corporate online banking account log-in credentials, this is known as “phishing.” For example, a business may be compromised by:
• An infected document attached to an email
• A link within an email that connects to an infected website
• Employees visiting social networking websites and clicking on infected documents, videos, or photos posted there, and
• Transferring documents infected from another computer.

Recently, RSA, the security division of EMC, published a report  stating that in 2011 one in every 300 emails circulating the web contained elements of phishing. Although phishing scams have been around for a while, email users still fall for this scam and reveal personal and confidential information.

As a business owner, what can you do to prevent business identity theft?


Jorge Rey, CISA, CISM, is a Cybersecurity & Compliance Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.