National Identity Fraud Prevention Week

It isn’t just individuals who can fall foul of fraudsters; businesses can have their identities stolen too. Corporations are being targeted by ruthless criminals, who can use their identity to trade off the real company’s good name to obtain goods and services on credit from suppliers. However this is not the only area of risk, fraudsters can obtain signatures from public records and attempt to attack company bank accounts by purporting to be the signatory on the account.

Companies can and should put measures in place to reduce the opportunities open to criminals to commit identity fraud and to use their organisation for criminal activity. Many of the rules that apply to individuals can be adapted to protect companies and a free guide to Protecting Your Identity and more details are available.

Protect your customers and employees from identity fraud by following our simple tips to keep your information secure

From setting up a credit card or credit account in your company name to get goods and services which you will ultimately pay for to stealing customer information and selling it on, your company can become a goldmine for fraudsters if you don’t protect your information. Criminals can trade off the back of the real company’s good name or obtain signatures from public records and attempt to attack company bank accounts by purporting to be the signatory on the account.

Companies can put measures in place to make it harder for fraudsters to use their organisation for criminal activity. Many of the rules that apply to individuals can be adapted to protect companies but here are some additional steps you and your company should take:

Companies Registration Office (CRO)

1. Check your ‘REGISTERED DETAILS’ (Directors, Company Secretary and Company Address) at CRO. Make sure these are correct and that they have not been fraudulently changed.
2. Register for CORE (Companies Online Registration Environment). CORE is a simple and automated service that detects tampering and protects companies against identity fraud. It notifies them of any filings for the company and of changes in the status of those documents acts as an early warning signal of possible fraud.

The Data Protection Acts 1988 and 2003 places an obligation on organisations processing personal information to store this information in a safe and secure manner, including the prevention of unauthorised access to the information. When this information is no longer required, it must be securely destroyed.

Document Procedures - Having a well formulated document disposal policy in place, and adhering to it, is the first crucial step in protecting your business from corporation identity fraud. Define clearly what you mean by sensitive or confidential information and make sure that anyone who handles or has access to this information knows how it should be saved, stored and ultimately destroyed. Don’t forget to include electronic media as well as paper in your guidelines.

Inform Staff - Caution staff about the risk of giving out company information online or over the phone without first checking to whom they are giving the information to. As part of your security policy, you should implement guidelines on what personal information should be divulged to third parties, particularly by electronic means such as email.

Keep track – Regularly check your registration details at CRO, your bank details and your website for any unusual transactions or discrepancies

Reduce the risk of electronic hijacking Businesses must be responsible for ensuring that firewall and antivirus software is kept up-to-date. This way staff can securely open legitimate email attachments for viewing.

Another course a business could take to further protect their employees is setting up a VPN. (Virtual Private Networks)

This will enable you to give your employees remote access to office computers, a powerful business tool; but remain secure enough to avoid giving hackers a back door right into your network and employee or customer data.

Shred All Documents

The Data Protection Acts 1988 and 2003 places an obligation on organisations processing personal information to store this information in a safe and secure manner, including the prevention of unauthorised access to the information.

When this information is no longer required, it must be securely destroyed. Shredding information is the best way to dispose of documents securely and to ensure that criminals cannot gain access to sensitive company details fraudulently. Cross cut shredders provide greater security by cutting paper into small confetti-like particles and also reduce bulk waste. Companies such as Fellowes offer powerful office shredders which can destroy large quantities of paper as well as CDs. (see 'Useful Links').

TIP: Always shred headed paper and other documents with your company details or financial information on, regardless of the content of the letter/file.

Businesses also have responsibilities beyond the protection of their own identity. Organisations of all sizes are responsible for safeguarding the identities of their employees and customers and ensuring that their identities cannot be stolen and used by criminals.

Avoiding Workplace Identity Theft
Inform staff – make sure your employees understand the risk of identity fraud to your business, your customers and to themselves and their families. To help you with this, we have provided a number of resources that you can handout to staff in the downloads section of this website.

Introduce a clean desk policy - This reduces the risk of identity theft in the workplace as passwords and confidential information gets locked away.

Protect customer information - From small retail outlets to large corporations, all businesses are responsible for the protection of their customers’ data. Businesses should have comprehensive security strategies in place.

Understand your systems - Know what personal information you have in your files and on your computer. Understand how personal information moves into, through, and out of your business and who has access — or could have access to it. For example if you are a retail outlet, make sure you follow the rules and regulations regarding abandoned credit card receipts.

Minimise what you keep - Keep only what you need for your business. These days, if you don’t have a legitimate business reason to have sensitive information in your files or on your computer, don’t keep it, shred it and bin it!

Keep data secure and organised - Protect the information you keep. Be cognisant of physical security, electronic security, employee training, and the practices of your contractors and affiliates. Lock away sensitive documents in a safe place and limit access to these documents to the staff who really need them. Fellowes has produced an R-Kive Record Management handbook detailing how companies can store sensitive information safely, which offers useful tips and hints, including legal requirements relating to document retention.

Shred all documents - Businesses have a duty of care to protect their employees’ and customers’ information and a legal obligation under the Data Protection Act.

Shredding information is the best way to dispose of documents securely and to ensure that criminals cannot gain access to data fraudulently. Cross cut shredders provide greater security by cutting paper into small confetti-like particles and also reduce bulk waste. Companies such as Fellowes offer powerful office shredders which can destroy large quantities of paper as well as CDs. (see ' Useful Links').

Remember, plan ahead - Draft a plan to respond to security incidents. Designate a senior member of your team to create an action plan before a breach happens. It is also vital to promptly pass along information and instructions to employees and customers themselves regarding any new security risks or possible breaches. Read about how to protect your business.