Identity Theft is when a hacker uses your personal identifying information and pretends to be you in order to commit fraud or to gain other financial benefits. Thieves look to steal user’s personal information: full name, home address, email address, online login and passwords, Social Security number, driver’s license number, passport number, or bank number.
How do they get My data?
Some of the most common ways personal information is stolen is through phishing attacks, skimming attacks (stealing this data off your magnetic strip of your credit card) by placing a card reader over top the real card reader at a Gas Pump, or ATM machine, and even WiFi hacking. They can also purchase this information on the dark web from hackers who have breached company databases and sell access to “Identity” information dark web forums.
What harm can they do with my data?
Additional Reading: Indians Most Concerned About Identity Theft
What should you do as an SMB Owner?
- First and foremost, to prevent identity theft and the issuance of credit in your name, lock your credit with all four credit agencies as outlined below (see How and Where to Lock My Credit).
- Second, train employees on cybersecurity basics, helping them become more aware of the threats they face when interacting online. (Phishing, Social Engineering Attacks)
- Phish Test Employees
- Be wary of public, unsecured WiFi (use a VPN if dealing with sensitive information)
- Govern employees with the proper policies, following NIST Guidelines (WISP, Acceptable Use, Password Policy, etc)
- Employ a Password Manager, require it in your Password Policy
- Enable Two-Factor Authentication wherever possible
- Work with your IT staff or third party vendors to ensure your critical data is being encrypted properly
- Regularly backup critical data
- Use the principle of least privilege
- Stay current with the always-changing cyber threats.
By implementing these measures at your business you’ll become more aware and more secure. You may not have perfect security but you’ll be doing what you can to reduce the risks you face.
How and Where to Lock My Credit:
Anytime static data that cannot be recreated is breached there are long-term consequences which is the case with the Equifax breach of Social Security Numbers, birth dates, home addresses, and driving license numbers. Putting a credit freeze on your account will protect you largely from hackers taking credit out in your name, but doesn’t prevent them from submitting fraudulent tax returns in your name. Get your tax documents in order and submit as early as possible.
Transunion Credit Freeze: https://www.transunion.com/credit-freeze
Equifax Credit Freeze: https://www.equifax.com/personal/credit-report-services/credit-freeze/
Experion Freeze Center: https://www.experian.com/freeze/center.html
Innovis Security Freeze: https://www.innovis.com/personal/securityFreeze