When we think of identity theft, for most of us we probably picture the personal nightmare: the moments when we look at our credit card bill to see someone has charged £1,000 to it in a store halfway across the world, for example. But if you run a small business – an online shop, freelance consultancy, or mobile service – then identity theft is much more than just a personal threat. It can become a testing business issue, too. Knowing how – and how to plan to avoid it – can make a huge difference.
Why solopreneurs and other small businesses should be alert
We may picture scammers as people who will go after bigger targets because there is more to be gained – but the truth of the matter is that smaller businesses are often all the more attractive because they’re unlikely to have Fort Knox levels of protection and a multi-million dollar legal department. If you’re an Etsy seller, photographer or ecommerce owner, the chances are that you handle a lot of personal data belonging to other people. And some opportunist hackers will see that as low-hanging fruit.
Taking simple steps, like using a service such as PrivateID, can pick up on attempts to access your business data. As well as keeping all sensitive data under multiple levels of protection, you can frustrate scammers who expect you to be easier to hack.
What identity theft looks like for your business
Identity theft for a smaller business doesn’t always look like someone accessing your bank account and draining it overnight. Usually it’s a lot more subtle and causes greater damage over time. By using stolen details, scammers can open new accounts, apply for loans, and sign up for services in your business name. They may also impersonate your brand to trick customers into paying them instead of you, or hijack your email account to target customers and suppliers with fake financial documents.
These are very prosaic scams, and not the kind of thing people make movies about – but they work because they are so everyday and banal that scammers can do a lot of them before being detected. Meanwhile, you’re explaining to your customers why they should probably freeze their credit cards, and that’s hard to rebound from.
How big is the risk?
It’s probably more likely than not that you’ll go about your business without anyone successfully scamming you, so it’s not something you should be unduly fearful of. However, this kind of targeting is always unlikely to happen to you until it does. If you reuse passwords across different services or fall for convincing phishing emails, you can end up suffering a breach and all of the fallout that comes with it.
That may sound like victim-blaming, and let’s be clear – it’s not on you, it is on the scammer. But you can minimise the likelihood to the point of negligibility if you adopt multiple layers of protection against scammers. Making sure that anyone helping you in your business knows what a phishing email looks like, and always contacting your bank or suppliers directly to make a transaction, among other steps, are good ways of closing off the threat.
Identity theft is not something that should keep you up at night; financial losses can usually be recovered and as a victim of crime you shouldn’t end up suffering too much because of it – but it is always better to avoid something than to remedy it, so make sure you’re taking the right steps.
