This week marks Identity Theft Awareness Week, a public awareness campaign by the U.S. Federal Trade Commission (FTC) dedicated to mitigating the impact of identity theft. The week comprises a series of events organized by the FTC and its partners that focus on reducing the risk of identity theft and on concrete steps to recover if identity theft occurs.
Considering the current climate of heightened cyber-risk, this focus on protecting valuable data online is relevant not only for consumers, but businesses as well. The massive proliferation of data today makes it difficult to know how your business data is being stored and accessed all the time, especially with all the uncertainty triggered by the COVID-19 pandemic, including the move for many to remote work.
It's little surprise that the FTC reports receiving approximately 1.4 million reports of identity theft in 2020, double the number from 2019.
“The challenges that COVID-19 has brought include a higher risk of identity theft,” said Seena Gressin, Attorney, Division of Consumer & Business Education, FTC, adding that cybercriminals repeatedly targeted government funds earmarked to help businesses hit hard by the pandemic.
“People also reported identity theft in which criminals used their business or personal information to get money from government-sponsored small business loan programs. Last year, we had 99,650 reports of fraud involving business or personal loans, compared with 43,920 reports in 2019. Not all of the new reports related to the government relief effort, but they were a big share of the increase,” she added.
Tax identity theft was also a key concern last year. The FTC reported receiving 89,390 reports of tax identity theft, compared with 27,450 reports in 2019. While many of the reports concerned other types of tax identity theft, the report numbers began to swell when distribution of the stimulus payments began.
These figures are proof that now, more than ever, we need solid cybersecurity measures and strategies to protect not only ourselves, but also our businesses’ data, brands and customers. The threat is all too real, and even as we enter a new year, cybercriminals are continuing to exploit relief measures like stimulus payments and security gaps in remote working policies to steal valuable information. This includes stealing business identifiers and impersonating businesses for unlawful purposes (like applying for business loans or grants from the government, as identified by the FTC above). A recent example that comes to mind is a fraudster that hacked into several high-profile Twitter accounts (including those of Elon Musk, Barack Obama & Joe Biden) by convincing a Twitter employee that he worked in the company’s IT department, tricking Twitter users into sending him cryptocurrency.
It’s critical to remember that email remains the number one vector for cybercrime. Nine of out 10 cyber-attacks are delivered by email, even when most businesses have an email security solution in place. Business Email Compromise (BEC) scams and phishing emails remain some of the most prolific ways to execute identity theft, and it is imperative for businesses to consistently review their email security strategies to ensure they’re doing all they can to stay safe.
I recommend adopting a multi-layered approach to cybersecurity. It’s sometimes referred to as a ‘defense in depth’ approach, designed to defend a system against attacks using several different methods and solutions, in the event that if one fails, the others will stop the threat. No one vendor can stop all threats, so don’t leave your business exposed.
If you are using Microsoft 365 or G Suite, you should also have third-party solutions in place to mitigate your risk. For example, using a third-party specialist cloud email security solution like MailGuard 365 to complement Microsoft 365. With evidence based-reporting that shows the threats evading your existing defenses, take a free Microsoft 365 email security health check to discover the gaps in your current email security strategy. For more information on how MailGuard 365 can enhance your business email security, feel free to reach out to my team at firstname.lastname@example.org.
I encourage all businesses to stay in touch with Identity Theft Awareness Week, it’s an opportunity to reflect on your own cyber resilience, and to raise the awareness of those around you, specifically when it comes to protecting their data & avoiding identity theft. It is vital that businesses think smarter and safer about the data they’re storing and sharing – especially key business identifiers.
To help you get started, we have drafted the following resources that you can share with your teams and raise their awareness about keeping confidential data safe:
- eBook: Business Identity Theft
Business identity theft, also known as corporate or commercial identity theft, is a type of fraud that involves the impersonation of a business, instead of an individual, for unlawful purposes. In this eBook, we provide a summary of everything you need to know about this growing threat that can destroy your company's brand & finances.
You can download it here
- Infographic: 7 Ways To Prevent Business Identity Theft
Preventing theft and the misuse of company data remains a key concern as businesses continue working remotely in light of the COVID-19 pandemic. That's why we've created an infographic that highlights seven ways to protect your business from identity theft.
You can download it here
I hope you find these resources useful. Together, let’s keep collaborating and helping each other stay safe online.
Image Source: The Federal Trade Commission