6. Spotting Identity Theft

Identity theft can take many different forms. For example, a criminal might try to use another person’s name and address when establishing an account with a small business that offers delayed (30-days) billing after the date of sale. Or a criminal might try to log-in to another customer’s account and make transactions without their authorization. Or another might use a stolen credit card number to buy products and services.

Getting Started

For a small business, combating identity theft is a three-step process, which needs to be put into action before an event occurs:

  1. Identify types of suspicious behavior.
    Identify in advance what constitutes suspicious behavior. This is often referred to as the "red flags" of identity theft.
  2. Develop policies that will detect suspicious events early — and train your employees.
    Put policies into place that will help you and your employees identify a red flag and catch suspicious events early...or even as they occur.
  3. Respond to suspicious behavior.
    Detecting red flags needs to be matched with potential action plans. The type of action will depend on the type of red flag...and the risk that red flag could lead to identity theft.
  4. Write it down. Type up the lists you just created, above:
    1. The red flags that could affect your small business,
    2. The ways in which your small business will detect suspicious events, and
    3. How your business will respond to suspicious behavior.
    Congratulations — you've just formed the foundation of your Red Flags Policy.

Only 28% of small businesses provide training to employees about Internet safety and security.

Source: 2012 National Small Business Study, National Cyber Security Alliance, Symantec, & JZ Analytics.