Could Your Small Business Become a Big Target for Identity Thieves?

Most dismiss the idea that they or their company could get hit… which is highly naïve.

Most people think of a set script when they hear the term identity theft. Someone steals your passwords, bank info, or other personal data and goes on a shopping spree in your name or commits some cybercrime using you as their patsy. But too many either haven’t heard of or minimize the potential for a business to become a victim. Known as business identity theft, e-criminals use your firm’s sensitive info for nefarious purposes, including credit card fraud, tax fraud, getting a loan in the name of your business, changing your registration info – and of course, the e-crime that’s all the rage these days: holding websites and businesses for ransom. Also underappreciated is how much of an impact these crimes have on small and medium-sized businesses.

Identity theft – both of your personal identity as well as your corporate one – is now the leading form of fraud in the U.S., with the Federal Trade Commission reporting over 650,000 cases last year. Luckily, a growing number of professional ID theft protection services are rising to the challenge, offering affordable solutions that monitor online activity that’s done under your or your business’s name. Lists of the best ID theft protection services for 2021 have already been compiled – check this site out for a sample of the leading providers.

ID Theft Affects “Normal” People and “Normal” Businesses: Not Just Megacorps

There are hundreds of thousands of “I wish I had” stories, and this year there will be hundreds of thousands more. Much of this pain, however, is preventable by a change in attitude: accepting that you are indeed a potential victim and being willing to invest in proper protection. In the personal realm, credit card fraud is the top type of identity theft. You don’t need a degree in economics to know that we’re all doing significantly more online shopping than before, and the segment is set for phenomenal growth. Consumers need to wake up to the fact that with so many of our transactions moving online, the opportunity for bad actors has and is increasing exponentially.

In early June 2021, the world’s largest meat supplier had its systems shut down at several of its Australian and American operational centers after a massive cyberattack.  JBS said on June 2^nd that the systems were slowly returning to normal and that the “vast majority” of its plants would be operational within 24 hours. But just as JBS was getting back on its feet, the United Food and Commercial Workers International Union suspended operations at nine U.S. beef processing plants after getting whacked with a ransomware attack. And of course, everyone remembers the other major recent attack: the successful ransomware hit on Colonial Pipeline that essentially closed down the fuel infrastructure for the eastern side of America. For a few days, some people went nuts as shortages led to panic buying, long lines, and restriction on gas-per-customer.

It was somewhat comforting to hear that one June 8^th, the U.S. Justice Department managed to recover a good chunk of the ransom payment. The Feds somehow seized a ‘wallet’ or account with some 63.7 bitcoins from hacker group DarkSide – allegedly Russian – and those Bitcoins are currently worth about US$2.3 million. The court document says the seizure happened within reach of U.S. law as it was in Northern California, but exactly how the FBI accessed the password remains a secret.

But here lies the problem: the mega-heists and audacious ransomware attacks get lots of press, leading many to assume such things only happen to “the largest…the biggest…the richest,” etc. The blog ExpertInspights reports that the reality is far different, noting that, “In 2018, 71% of ransomware attacks targeted small businesses, with an average ransom demand of $116,000. Attackers know that smaller businesses are much more likely to pay a ransom, as their data is often not backed-up and they need to be up and running as soon as possible.” And it makes sense. Hitting a massive company might end up in a massive payday, but why put all your bad eggs in one basket? Targeting medium and smaller companies could mean lots of smaller paydays, which add up. Take steps now if you don’t want to be the next target.

A lot of us are getting sloppy. Those running small or medium-sized businesses may not be giving enough thought to a serious vulnerability: teleworkers. The Chief Information Security Officer at Generali Global Assistance (GGA), Robert Yaus, had some unnerving words for businesses that allow employees to work from home – which happens to be one of the fastest-growing trends of this decade: “Hackers are actively exploiting vulnerabilities associated with teleworking,” Yaus told InsiderProtection. “This puts employees’ personal information and company information at increased risk.”

The Majority of Ransomware Attacks Target Smaller Businesses