What Your Small Business Must Know About Business Identity Theft

Your small business is at higher risk of identity theft than you realize.

Why would someone steal the identity of a business entity? The thieves can use the business’ credentials to open lines of credit, purchase high valuable resaleable goods, make a tidy profit, and then disappear. In fact, it’s often easier to gain access to credit via a business identity than trying to charge thousands of dollars to an individual’s credit card, which are typically protected by monitoring programs and stop-loss protections. Often, all it requires is information that is already publicly available and widely distributed, like your federal tax employer identification number (EIN).

Think your small business is too small to be a target? Think again. According to The State of IT Security in SMBs in 2023 - 2024, nearly 43% of all cyberattacks in 2023 were directed at small businesses, illustrating how routine these breaches have become. Cybercriminals know many smaller businesses lack the resources and expertise to defend themselves, making them especially vulnerable. 

Business identity theft is no longer a rare occurrence, it's become a widespread threat. According to research from Trulioo, a leading global identity verification platform, 79% of businesses surveyed have experienced business identity theft. To add to that, the Identity Theft Resource Center found that 85% of small business leaders say they are prepared to respond to cyber incident, yet 73% reported experiencing an attack in 2023.

What can you do? Thankfully, many of the best practices for small businesses to protect themselves against business identity theft echo recommendations for individuals, making them straightforward to apply.

1.  Sign up for alerts and account monitoring from financial institutions. As with personal financial accounts and credit cards, it’s usually possible for businesses to set custom alerts if credit charges are made over a certain amount, to limit the amount of cash that can be withdrawn in any one day, etc.
2. Check credit reports and financial accounts regularly. Small businesses can be particularly susceptible to missing red flags and indicators of fraud, particularly if the owners are trying to do everything themselves. However, it’s critical to stay on top of the business’ financial status at all times. The faster you identify fraudulent activity, the sooner you can put a stop to it.
3. Avoid disclosing sensitive business information. It’s easy to treat the EIN like it’s less critical to keep secret than an SSN, but this is not true. The EIN is incredibly valuable information for thieves, who could use it to file a false tax return in a business’ name.

Don’t forget employees. One issue that hits businesses more than individuals: your surface area for attack is much wider, thanks to your employees. According to a survey from Shred-it, an information security company, employees are the weakest link in business security. Employee negligence and error were behind 47% of corporate data breaches.

That means you need to take proactive steps to shore up employee behaviors. Educate them about security protocols and how to identify common attacks, like phishing (fraudulent emails that look like the real deal, requesting sensitive information used to hack organizations). You might also disallow personal devices to be used with work information, or require security controls, like passwords to protect your business from identity theft.

CoAdvantage, one of the nation’s largest Professional Employer Organizations (PEOs), helps small to mid-sized companies with HR administration, benefits, payroll, and compliance. To learn more about CoAdvantage’s ability to create a strategic HR function in your business that drives business growth potential, contact us today.